CN105429752A - Processing method and system of user key in cloud environment - Google Patents
Processing method and system of user key in cloud environment Download PDFInfo
- Publication number
- CN105429752A CN105429752A CN201510764378.3A CN201510764378A CN105429752A CN 105429752 A CN105429752 A CN 105429752A CN 201510764378 A CN201510764378 A CN 201510764378A CN 105429752 A CN105429752 A CN 105429752A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- equipment
- encrypted
- request instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present application provides a processing method and system of a user key in a cloud environment. The method comprises a step of receiving a request command of obtaining a key which encrypts target data, wherein the request command comprises the access authority list of the key and an encryption domain, a step of generating a key which is matched with the request command, a step of distributing a key ID for the key, and a step of sending the ID of the key to a user terminal. A user sets the access authority list of the key and the encryption domain in the request command, a user capable of accessing is limited by the access authority list of the key, thus only the user in the authority list has access authority, the access authority of the user key by the equipment in a cloud end is limited by the encryption domain, and only the user can control the key in the cloud end and the operation executed by the hardware equipment of the cloud end. The key is only circulated in the cloud end passward hardware equipment limited by the encryption domain, the key mangement and use among multiple users is safely isolated, and thus the security of user privacy data storage is improved.
Description
Technical field
The application relates to computer realm, particularly the processing method of user key and system under a kind of cloud environment.
Background technology
Along with the development of technology, people are more and more higher to the processing requirements of user key under cloud environment.
Under cloud environment, usually adopt the password that arranges as the encryption key of privacy of user data or adopt the encryption key of password encryption to private data to be encrypted to protect and be stored on Cloud Server.And the password that user is arranged is usually comparatively simple, easily cracks thus causes private data leakage.
Therefore, how effective privacy of user data to be encrypted, to ensure that the fail safe of privacy of user data is the current technical issues that need to address of those skilled in the art.
Summary of the invention
Technical problems to be solved in this application are to provide processing method and the system of user key under a kind of cloud environment, solve the password that in prior art, user is arranged usually comparatively simple, easily crack thus cause the problem of private data leakage.
Its concrete scheme is as follows:
A processing method for user key under cloud environment, the method comprises:
Receive the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key;
Produce the key matched with described request instruction;
For described encryption key distribution key ID;
The key ID of described key is sent to user terminal.
Above-mentioned method, also comprises:
Obtain the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID;
The equipment for encrypting is obtained in described encrypted domain;
The described PKI for the equipment encrypted is adopted to be encrypted operation to the described key for encrypting;
Be used for the equipment encrypted described in being sent to by key after encryption, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
Above-mentioned method, also comprises:
When described target data is the data stored in cloud environment, also comprise:
Obtain user PIN password;
Computing is carried out, using the result of computing as final key to described PIN password and described key.
Above-mentioned method, also comprises:
Receive the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID and key ID;
Check described user ID whether in the list of access rights of described key;
When described user ID is in the list of access rights of described key, be decrypted operation.
Above-mentioned method, described in be decrypted operation, comprising:
The equipment for deciphering is obtained in described encrypted domain;
The described PKI for the equipment deciphered is adopted to be encrypted operation to the described key for deciphering;
Be used for the equipment deciphered described in being sent to by key after encryption, the described equipment for deciphering performs corresponding decryption oprerations.
A treatment system for user key under cloud environment, this system comprises:
First receiving element, for receiving the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key;
Generation unit, for generation of the key matched with described request instruction;
Allocation units, for being described encryption key distribution key ID;
First transmitting element, for sending to user terminal by the key ID of described key.
Above-mentioned system, also comprises:
First acquiring unit, for obtaining the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID;
Second acquisition unit, obtains the equipment for encrypting in described encrypted domain;
First ciphering unit, for adopting the described PKI for the equipment encrypted to be encrypted operation to the described key for encrypting;
Second transmitting element, described in being sent to by the key after encryption, be used for the equipment encrypted, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
Above-mentioned system, when the described target data in described receiving element is the data stored in cloud environment, also comprises:
3rd acquiring unit, for obtaining user PIN password;
Arithmetic element, for carrying out computing, using the result of computing as final key to described PIN password and described key.
Above-mentioned system, also comprises:
Second receiving element, for receiving the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID;
Inspection unit, for checking described user ID whether in the list of access rights of described key;
Decryption unit, for when described user ID is in the list of access rights of described key, is decrypted operation.
Above-mentioned system, described decryption unit, comprising:
4th acquiring unit, for obtaining the equipment for deciphering in described encrypted domain;
Second ciphering unit, for adopting the described PKI for the equipment deciphered to be encrypted operation to the described key for deciphering;
3rd transmitting element, described in being sent to by the key after encryption, be used for the equipment deciphered, the described equipment for deciphering performs corresponding decryption oprerations.
Under a kind of cloud environment that the application provides user key processing method in, receive and obtain request instruction to the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key; Produce the key matched with described request instruction; For described encryption key distribution key ID; The key ID of described key is sent to user terminal.In the application, user is provided with list of access rights and the encrypted domain of key in request instruction, the list of access rights of key limits the user that can conduct interviews, the user only in permissions list is made just to have access right, encrypted domain limits equipment in high in the clouds and, to the access rights of user key, makes to only have user can control its key beyond the clouds and the operation performed by the hardware device in high in the clouds.Key only circulates in the high in the clouds cryptographic hardware equipment of encrypted domain restriction, and key management and use safety between multi-user are isolated, and then promotes the fail safe of privacy of user data storage.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present application, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the application, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the processing method embodiment 1 of user key under a kind of cloud environment of the application;
Fig. 2 is the flow chart of the processing method embodiment 2 of user key under a kind of cloud environment of the application;
Fig. 3 is the flow chart of the processing method embodiment 3 of user key under a kind of cloud environment of the application;
Fig. 4 is the structural representation of the treatment system embodiment 1 of user key under a kind of cloud environment of the application;
Fig. 5 is the schematic diagram of user key process embody rule under a kind of cloud environment of the application.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, be clearly and completely described the technical scheme in the embodiment of the present application, obviously, described embodiment is only some embodiments of the present application, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all belong to the scope of the application's protection.
With reference to figure 1, show the flow chart of the processing method embodiment 1 of user key under a kind of cloud environment of the application, can comprise the following steps:
Step S101: receive the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key.
In the application, the encryption key of user produces management by the equipment in cloud environment is unified, before user needs to be encrypted operation to private data, need in cloud environment, send the request instruction obtaining encryption key, then have the encryption key of equipment generation required for user in cloud environment.
In order to ensure the fail safe of user profile, in the instruction of the acquisition encryption key requests sent in cloud environment user, user is provided with the list of access rights of key and encrypted domain (i.e. the use region of key or the equipment of use).
The data that the list of access rights of key makes to only have user in lists can use cipher key access encrypts, encrypted domain makes key can only use in encrypted domain, and the region beyond encrypted domain or equipment cannot use this key.
Step S102: produce the key matched with described request instruction.
After equipment in cloud environment receives the request instruction of the acquisition encryption key that user sends, according to the information that described request instruction comprises, as list of access rights and the encrypted domain of target data, key, produce corresponding key, use user and the use region of this key all limit.
Step S103: be described encryption key distribution key ID.
Distribute key ID to the encryption key of each generation, each encryption key has and only has a key ID, and the key ID of different encryption keys is different.
Step S104: the key ID of described key is sent to user terminal.
Finally, key ID is sent to user by the equipment in cloud environment, only needs the operation can carrying out key according to key ID after user.
Under a kind of cloud environment that the application provides user key processing method in, user is provided with list of access rights and the encrypted domain of key in request instruction, the list of access rights of key limits the user that can conduct interviews, the user only in permissions list is made just to have access right, encrypted domain limits equipment in high in the clouds and, to the access rights of user key, makes to only have user can control its key beyond the clouds and the operation performed by the hardware device in high in the clouds.Key only circulates in the high in the clouds cryptographic hardware equipment of encrypted domain restriction, and key management and use safety between multi-user are isolated, and then promotes the fail safe of privacy of user data storage.
With reference to figure 2, show the flow chart of the processing method embodiment 2 of user key under a kind of cloud environment of the application, can comprise the following steps:
Step S201: obtain the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID.
In the application, user to the cryptographic operation of private data by the equipment unified management in cloud environment, when user needs to be encrypted operation to private data, after user gets encryption key, send the CIPHERING REQUEST instruction that private data is encrypted to the equipment in cloud environment.
In CIPHERING REQUEST instruction, comprise key ID, the double secret key private data that the equipment utilization user in cloud environment is provided is encrypted operation.
Step S202: obtain the equipment for encrypting in described encrypted domain.
After equipment in cloud environment gets CIPHERING REQUEST instruction, in the equipment in the encrypted domain of key, obtain user is encrypted operation equipment to described private data.
Step S203: adopt the described PKI for the equipment encrypted to be encrypted operation to the described key for encrypting.
Step S204: be used for the equipment encrypted described in being sent to by the key after encryption, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
Be used for the equipment encrypted described in being sent to by key after encryption, guarantee to only have the equipment performing this cryptographic operation just can perform the cryptographic operation of user, ensure the fail safe of user encryption operation.
In the application, when described target data is only the data stored in cloud environment, also comprise:
Obtain user PIN password.
Computing is carried out, using the result of computing as final key to described PIN password and described key.
User store in cloud environment and without the need to carrying out with other user the data exchanged time, the random number key material that equipment in the PIN password that its encryption key then adopts user to grasp and cloud environment produces as key, guarantees that integrity key only has user self to grasp after computing.
With reference to figure 3, show the flow chart of the processing method embodiment 3 of user key under a kind of cloud environment of the application, can comprise the following steps:
Step S301: receive the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID and key ID.
When other users need to conduct interviews to the data of active user's encryption, need to send decoding request instruction in the equipment in cloud environment, and in decoding request instruction, need user ID and the key ID of the user comprising request access data.
Carried out the exchange of key between user by key ID, the application system of user does not contact key ciphertext.
Step S302: check described user ID whether in the list of access rights of described key.
The user of request access data is checked, in the list of access rights of the user ID judging described user whether again key.
Step S303: when described user ID is in the list of access rights of described key, be decrypted operation.
Only have that user's be identified in the list of access rights of key, that is, when the user of request access data has access rights, just can to the decrypt data operation of access, otherwise, do not allow the user of request access data to carry out the accessing operation of data.
Describedly be decrypted operation, specifically comprise:
The equipment for deciphering is obtained in described encrypted domain.
The PKI of the above-mentioned equipment for deciphering is adopted to be encrypted operation to the described key for deciphering.
Be used for the equipment deciphered described in being sent to by key after encryption, the described equipment for deciphering performs corresponding decryption oprerations.
Corresponding with the method that the embodiment of the method 1 of user key under a kind of cloud environment of above-mentioned the application provides, see Fig. 4, present invention also provides the system embodiment 1 of user key under a kind of cloud environment, in the present embodiment, this system comprises:
First receiving element 401, for receiving the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key.
Generation unit 402, for generation of the key matched with described request instruction.
Allocation units 403, for being described encryption key distribution key ID.
First transmitting element 404, for sending to user terminal by the key ID of described key.
Present invention also provides the system embodiment 2 of user key under a kind of cloud environment, in the present embodiment, this system comprises:
First acquiring unit, for obtaining the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID.
Second acquisition unit, obtains the equipment for encrypting in described encrypted domain.
First ciphering unit, for adopting the described PKI for the equipment encrypted to be encrypted operation to the described key for encrypting.
Second transmitting element, described in being sent to by the key after encryption, be used for the equipment encrypted, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
When the described target data in described receiving element is the data stored in cloud environment, also comprise:
3rd acquiring unit, for obtaining user PIN password.
Arithmetic element, for carrying out computing, using the result of computing as final key to described PIN password and described key.
Present invention also provides the system embodiment 3 of user key under a kind of cloud environment, in the present embodiment, this system comprises:
Second receiving element, for receiving the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID.
Inspection unit, for checking described user ID whether in the list of access rights of described key.
Decryption unit, for when described user ID is in the list of access rights of described key, is decrypted operation.
Described decryption unit, comprising:
4th acquiring unit, for obtaining the equipment for deciphering in described encrypted domain.
Second ciphering unit, for adopting the described PKI for the equipment deciphered to be encrypted operation to the described key for deciphering.
3rd transmitting element, described in being sent to by the key after encryption, be used for the equipment deciphered, the described equipment for deciphering performs corresponding decryption oprerations.
In the process of specific implementation, as shown in Figure 5, the application and password resource pool combine with technique use, and management equipment is responsible for user's registration, key management, key rights management carry out task matching according to the encrypted domain of key; Cryptographic service agency is responsible for realizing the communication interface with key management apparatus, cryptographic service equipment; Cryptographic service equipment realizes cryptographic service according to the task scheduling of key management apparatus and remove key at the end of cryptographic service.
Need to use the key management apparatus register account number that first user of cloud cryptographic service needs to cloud environment.
Before encryption private data, user is by the key management apparatus application generation key of cryptographic service agency to cloud environment, (secret key encryption is stored in key management apparatus the encrypted domain of specifying the list of access rights of this key and key to use, and unique key ID is returned to user.
During user encryption private data, by cryptographic service, key ID is told key management apparatus by agency, pass to cryptographic service equipment after key being performed by key management apparatus the public key encryption protection of the cryptographic service equipment of this cryptographic tasks, guarantee to only have the equipment performing this cryptographic tasks can untie this key; If encryption is only at the private data that cloud environment stores, then PIN is passed to cryptographic service equipment by user simultaneously, and the key issued according to PIN, key management apparatus by cryptographic service equipment calculates data encryption key as component.
Recipient is when data decryption, and by cryptographic service, key ID is notified key management apparatus by agency, checks this user whether in the list of access rights of this key by key management apparatus; If check and pass through, then key management apparatus passes to cryptographic service equipment after key being adopted the cryptographic service equipment public key encryption performing task of decryption.
In the application, be set by the user list of access rights and the encrypted domain of key, realize key to access by authority, the application system of user carries out cipher key change by the unique key ID of the overall situation, application system does not contact key ciphertext, adopt PIN as encryption key component to the private data that cloud environment stores, make the keeper of cloud environment and attendant obtain user key, ensure the fail safe of user encryption data.
It should be noted that, each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.For device class embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Finally, also it should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment comprising described key element and also there is other identical element.
For convenience of description, various unit is divided into describe respectively with function when describing above device.Certainly, the function of each unit can be realized in same or multiple software and/or hardware when implementing the application.
As seen through the above description of the embodiments, those skilled in the art can be well understood to the mode that the application can add required general hardware platform by software and realizes.Based on such understanding, the technical scheme of the application can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform the method described in some part of each embodiment of the application or embodiment.
Under a kind of cloud environment provided the application above, the processing method of user key and system are described in detail, apply specific case herein to set forth the principle of the application and execution mode, the explanation of above embodiment is just for helping method and the core concept thereof of understanding the application; Meanwhile, for one of ordinary skill in the art, according to the thought of the application, all will change in specific embodiments and applications, in sum, this description should not be construed as the restriction to the application.
Claims (10)
1. the processing method of user key under cloud environment, it is characterized in that, the method comprises:
Receive the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key;
Produce the key matched with described request instruction;
For described encryption key distribution key ID;
The key ID of described key is sent to user terminal.
2. method according to claim 1, is characterized in that, also comprises:
Obtain the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID;
The equipment for encrypting is obtained in described encrypted domain;
The described PKI for the equipment encrypted is adopted to be encrypted operation to the described key for encrypting;
Be used for the equipment encrypted described in being sent to by key after encryption, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
3. method according to claim 1, is characterized in that, when described target data is the data stored in cloud environment, also comprises:
Obtain user PIN password;
Computing is carried out, using the result of computing as final key to described PIN password and described key.
4. the method according to any one of claims 1 to 3, is characterized in that, also comprises:
Receive the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID and key ID;
Check described user ID whether in the list of access rights of described key;
When described user ID is in the list of access rights of described key, be decrypted operation.
5. method according to claim 4, is characterized in that, described in be decrypted operation, comprising:
The equipment for deciphering is obtained in described encrypted domain;
The described PKI for the equipment deciphered is adopted to be encrypted operation to the described key for deciphering;
Be used for the equipment deciphered described in being sent to by key after encryption, the described equipment for deciphering performs corresponding decryption oprerations.
6. the treatment system of user key under cloud environment, it is characterized in that, this system comprises:
First receiving element, for receiving the request instruction obtained the key that target data is encrypted, described request instruction comprises list of access rights and the encrypted domain of described key;
Generation unit, for generation of the key matched with described request instruction;
Allocation units, for being described encryption key distribution key ID;
First transmitting element, for sending to user terminal by the key ID of described key.
7. system according to claim 6, is characterized in that, also comprises:
First acquiring unit, for obtaining the CIPHERING REQUEST instruction be encrypted described target data, described CIPHERING REQUEST instruction comprises key ID;
Second acquisition unit, obtains the equipment for encrypting in described encrypted domain;
First ciphering unit, for adopting the described PKI for the equipment encrypted to be encrypted operation to the described key for encrypting;
Second transmitting element, described in being sent to by the key after encryption, be used for the equipment encrypted, the described equipment for encrypting performs corresponding cryptographic operation, and the target data after encryption is kept at high in the clouds.
8. system according to claim 6, is characterized in that, when the described target data in described receiving element is the data stored in cloud environment, also comprises:
3rd acquiring unit, for obtaining user PIN password;
Arithmetic element, for carrying out computing, using the result of computing as final key to described PIN password and described key.
9. the system according to any one of claim 6 to 8, is characterized in that, also comprises:
Second receiving element, for receiving the decoding request instruction be decrypted described target data, described decoding request instruction comprises user ID;
Inspection unit, for checking described user ID whether in the list of access rights of described key;
Decryption unit, for when described user ID is in the list of access rights of described key, is decrypted operation.
10. system according to claim 9, is characterized in that, described decryption unit, comprising:
4th acquiring unit, for obtaining the equipment for deciphering in described encrypted domain;
Second ciphering unit, for adopting the described PKI for the equipment deciphered to be encrypted operation to the described key for deciphering;
3rd transmitting element, described in being sent to by the key after encryption, be used for the equipment deciphered, the described equipment for deciphering performs corresponding decryption oprerations.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510764378.3A CN105429752B (en) | 2015-11-10 | 2015-11-10 | The processing method and system of user key under a kind of cloud environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510764378.3A CN105429752B (en) | 2015-11-10 | 2015-11-10 | The processing method and system of user key under a kind of cloud environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105429752A true CN105429752A (en) | 2016-03-23 |
| CN105429752B CN105429752B (en) | 2019-10-22 |
Family
ID=55507705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510764378.3A Active CN105429752B (en) | 2015-11-10 | 2015-11-10 | The processing method and system of user key under a kind of cloud environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105429752B (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106059767A (en) * | 2016-08-17 | 2016-10-26 | 王树栋 | Terminal private data protection system and method based on Internet |
| CN107070879A (en) * | 2017-02-15 | 2017-08-18 | 北京深思数盾科技股份有限公司 | Data guard method and system |
| CN110264354A (en) * | 2019-05-31 | 2019-09-20 | 阿里巴巴集团控股有限公司 | It creates block chain account and verifies the method and device of block chain transaction |
| CN110543764A (en) * | 2019-09-11 | 2019-12-06 | 天津飞腾信息技术有限公司 | System-on-chip memory protection method, password acceleration engine and memory protection device |
| CN111213340A (en) * | 2017-10-16 | 2020-05-29 | 微软技术许可有限责任公司 | Selecting and securing attestation delegations for cryptographic functions |
| WO2020182151A1 (en) * | 2019-03-11 | 2020-09-17 | 上海唯链信息科技有限公司 | Methods for splitting and recovering key, program product, storage medium, and system |
| CN107302546B (en) * | 2017-08-16 | 2021-05-21 | 北京奇虎科技有限公司 | Big data platform security access system and method and electronic equipment |
| US11108545B2 (en) | 2019-05-31 | 2021-08-31 | Advanced New Technologies Co., Ltd. | Creating a blockchain account and verifying blockchain transactions |
| CN114268435A (en) * | 2022-03-03 | 2022-04-01 | 南京易科腾信息技术有限公司 | Cloud password service communication method and device, electronic equipment and storage medium |
| CN114697007A (en) * | 2020-12-29 | 2022-07-01 | 华为技术有限公司 | Method, corresponding device and system for managing secret key |
| CN115051861A (en) * | 2022-06-17 | 2022-09-13 | 北京天融信网络安全技术有限公司 | Domain name detection method, device, system and medium |
| CN117579275A (en) * | 2024-01-16 | 2024-02-20 | 中国民用航空飞行学院 | Information security management method, system and storage medium based on aviation data |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1939028A (en) * | 2004-02-13 | 2007-03-28 | 诺基亚有限公司 | Accessing protected data on network storage from multiple devices |
| EP1835654A1 (en) * | 2006-02-28 | 2007-09-19 | Samsung Electronics Co., Ltd. | Method and apparatus for configuring key of groups contained in domain |
| CN101346928A (en) * | 2006-01-19 | 2009-01-14 | 三星电子株式会社 | Method and apparatus for transmitting content to device which does not join domain |
| CN103107994A (en) * | 2013-02-06 | 2013-05-15 | 中电长城网际系统应用有限公司 | Vitualization environment data security partition method and system |
| CN104662870A (en) * | 2012-09-10 | 2015-05-27 | 云深系统有限公司 | Data security management system |
-
2015
- 2015-11-10 CN CN201510764378.3A patent/CN105429752B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1939028A (en) * | 2004-02-13 | 2007-03-28 | 诺基亚有限公司 | Accessing protected data on network storage from multiple devices |
| CN101346928A (en) * | 2006-01-19 | 2009-01-14 | 三星电子株式会社 | Method and apparatus for transmitting content to device which does not join domain |
| EP1835654A1 (en) * | 2006-02-28 | 2007-09-19 | Samsung Electronics Co., Ltd. | Method and apparatus for configuring key of groups contained in domain |
| CN104662870A (en) * | 2012-09-10 | 2015-05-27 | 云深系统有限公司 | Data security management system |
| CN103107994A (en) * | 2013-02-06 | 2013-05-15 | 中电长城网际系统应用有限公司 | Vitualization environment data security partition method and system |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106059767A (en) * | 2016-08-17 | 2016-10-26 | 王树栋 | Terminal private data protection system and method based on Internet |
| CN107070879A (en) * | 2017-02-15 | 2017-08-18 | 北京深思数盾科技股份有限公司 | Data guard method and system |
| WO2018149225A1 (en) * | 2017-02-15 | 2018-08-23 | 北京深思数盾科技股份有限公司 | Data protection method and system |
| CN107070879B (en) * | 2017-02-15 | 2018-12-07 | 北京深思数盾科技股份有限公司 | Data guard method and system |
| CN107302546B (en) * | 2017-08-16 | 2021-05-21 | 北京奇虎科技有限公司 | Big data platform security access system and method and electronic equipment |
| CN111213340B (en) * | 2017-10-16 | 2023-05-09 | 微软技术许可有限责任公司 | Selecting attestation delegation for cryptographic functions and making it secure |
| CN111213340A (en) * | 2017-10-16 | 2020-05-29 | 微软技术许可有限责任公司 | Selecting and securing attestation delegations for cryptographic functions |
| WO2020182151A1 (en) * | 2019-03-11 | 2020-09-17 | 上海唯链信息科技有限公司 | Methods for splitting and recovering key, program product, storage medium, and system |
| US11108545B2 (en) | 2019-05-31 | 2021-08-31 | Advanced New Technologies Co., Ltd. | Creating a blockchain account and verifying blockchain transactions |
| CN110264354A (en) * | 2019-05-31 | 2019-09-20 | 阿里巴巴集团控股有限公司 | It creates block chain account and verifies the method and device of block chain transaction |
| CN110264354B (en) * | 2019-05-31 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Method and device for creating block chain account and verifying block chain transaction |
| CN110543764B (en) * | 2019-09-11 | 2021-07-23 | 飞腾信息技术有限公司 | System-on-chip memory protection method, password acceleration engine and memory protection device |
| CN110543764A (en) * | 2019-09-11 | 2019-12-06 | 天津飞腾信息技术有限公司 | System-on-chip memory protection method, password acceleration engine and memory protection device |
| CN114697007A (en) * | 2020-12-29 | 2022-07-01 | 华为技术有限公司 | Method, corresponding device and system for managing secret key |
| WO2022143358A1 (en) * | 2020-12-29 | 2022-07-07 | 华为技术有限公司 | Key management method, and corresponding apparatus and system |
| CN114697007B (en) * | 2020-12-29 | 2024-01-16 | 华为技术有限公司 | Key management method, corresponding device and system |
| CN114268435A (en) * | 2022-03-03 | 2022-04-01 | 南京易科腾信息技术有限公司 | Cloud password service communication method and device, electronic equipment and storage medium |
| CN114268435B (en) * | 2022-03-03 | 2022-05-13 | 南京易科腾信息技术有限公司 | Cloud password service communication method and device, electronic equipment and storage medium |
| CN115051861A (en) * | 2022-06-17 | 2022-09-13 | 北京天融信网络安全技术有限公司 | Domain name detection method, device, system and medium |
| CN115051861B (en) * | 2022-06-17 | 2024-01-23 | 北京天融信网络安全技术有限公司 | Domain name detection method, device, system and medium |
| CN117579275A (en) * | 2024-01-16 | 2024-02-20 | 中国民用航空飞行学院 | Information security management method, system and storage medium based on aviation data |
| CN117579275B (en) * | 2024-01-16 | 2024-04-12 | 中国民用航空飞行学院 | Information security management method, system and storage medium based on aviation data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105429752B (en) | 2019-10-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105429752A (en) | Processing method and system of user key in cloud environment | |
| CN110278078B (en) | Data processing method, device and system | |
| CN103259651B (en) | A kind of method and system to terminal data encryption and decryption | |
| CN103107995B (en) | A kind of cloud computing environment date safety storing system and method | |
| WO2022199290A1 (en) | Secure multi-party computation | |
| CN105812332A (en) | Data protection method | |
| CN103973736A (en) | Data sharing method and device | |
| CN105450620A (en) | Information processing method and device | |
| CN106161402A (en) | Encryption equipment key injected system based on cloud environment, method and device | |
| CN106209739A (en) | Cloud storage method and system | |
| CN111163036B (en) | Data sharing method, device, client, storage medium and system | |
| CN103534976A (en) | Data security protection method, server, host, and system | |
| CN204360381U (en) | mobile device | |
| CN110162998B (en) | Identity encryption equivalence test method, device, system and medium based on user group | |
| CN103107994A (en) | Vitualization environment data security partition method and system | |
| KR101615137B1 (en) | Data access method based on attributed | |
| CN104618096A (en) | Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center | |
| CN103457932A (en) | Data safety storage method and system under cloud computing environment | |
| CN105262590A (en) | Method and system for safely insulating keys in virtual environment | |
| Thilakanathan et al. | Secure multiparty data sharing in the cloud using hardware-based TPM devices | |
| CN112822021B (en) | Key management method and related device | |
| CN115348023A (en) | Data security processing method and device | |
| CN105827411A (en) | Information processing method and apparatus | |
| CN105681027A (en) | HSM encrypted information synchronization method, device and system | |
| Reedy et al. | A Secure Framework for Ensuring EHR's Integrity Using Fine-Grained Auditing and CP-ABE |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Lei Bo Inventor after: Chen Deyong Inventor after: Dong Guishan Inventor after: Wang Yunbing Inventor after: Hou Jianning Inventor after: Lei Zhenyu Inventor after: Leng Qingsong Inventor after: Liu Junbo Inventor after: Wang Feng Inventor after: Tang Zhongqian Inventor before: Lei Bo Inventor before: Dong Guishan Inventor before: Wang Yunbing Inventor before: Xia Fan Inventor before: Huang Bin Inventor before: Li Linxiao Inventor before: Deng Zijian Inventor before: Tang Zhongqian Inventor before: Yang Hong |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |