CN107483191B - SM2 algorithm key segmentation signature system and method - Google Patents
SM2 algorithm key segmentation signature system and method Download PDFInfo
- Publication number
- CN107483191B CN107483191B CN201710701512.4A CN201710701512A CN107483191B CN 107483191 B CN107483191 B CN 107483191B CN 201710701512 A CN201710701512 A CN 201710701512A CN 107483191 B CN107483191 B CN 107483191B
- Authority
- CN
- China
- Prior art keywords
- key
- mobile device
- cloud
- signature
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 230000011218 segmentation Effects 0.000 title abstract description 11
- 238000012795 verification Methods 0.000 claims abstract description 7
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 claims description 3
- 208000033748 Device issues Diseases 0.000 claims 1
- 230000008569 process Effects 0.000 abstract description 4
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000000638 solvent extraction Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the technical field of information security, in particular to the technical field of a key signature method, and particularly relates to a SM2 algorithm key segmentation signature system and method. The system structure comprises mobile equipment, cloud password service and a third-party CA center, wherein the mobile equipment and the cloud password service respectively generate random numbers, the validity verification of an SM2 key is completed at one end of the mobile equipment, and the SM2 key is confirmed to be generated; the mobile equipment and the cloud password service respectively complete part of the SM2 algorithm digital signature, and finally generate a digital signature at one end of the mobile equipment; the SM2 algorithm key segmentation signature method realizes the signature algorithm based on SM2 key segmentation, digital signature is completed by the mobile equipment and the cloud together, the secret key is prevented from being leaked in the signature process, and the secret key safety of the mobile equipment end can be effectively protected.
Description
Technical Field
The invention relates to the technical field of information security, in particular to the technical field of a key signature method, and particularly relates to a SM2 algorithm key segmentation signature system and method.
Background
In recent years, network security events are frequent, and network attacks are raised from personal events such as information leakage, fund stealing, telecommunication fraud, phishing websites and the like to security events of the whole society, which affect our lives, government services, social stability and even social security. The cryptographic technology is a core technology of network information security, has an important position on the national security strategy under the global environment of the internet, is the basis for realizing the autonomous and controllable national network information, and can be widely applied to industry systems relating to civil and basic information resources, such as e-government affairs, energy, traffic, health, education and the like.
The SM2 algorithm is an elliptic curve public key cryptographic algorithm issued by the national crypto authority in 12 months and 17 days in 2010, and compared with the RSA algorithm, the SM2 algorithm has the advantages of high safety, high computing speed and small storage space under the same key strength, and meanwhile, compared with the international standard ECC algorithm, the SM2 algorithm is better in initial state coding and encryption computing efficiency.
With the development of the mobile internet, the mobile device becomes a fundamental trend for changing the traditional computing, and the popularity of the mobile intelligent terminal is higher and higher as the mobile device has stepped into the intelligent era. People use fragmented time to surf the internet, and mobile office, mobile electronic commerce and mobile electronic government have great development, and the safety problem is followed, and identity authentication and digital signature of a mobile terminal need to be solved. Under the circumstance, how to realize digital signature by efficiently utilizing the mobile equipment and combining a domestic cryptographic algorithm becomes a problem which needs to be solved urgently.
Disclosure of Invention
In order to solve the problems of the prior art, the invention provides an SM2 algorithm key segmentation signature system and a method thereof, which are characterized in that a mobile terminal is combined, an SM2 key is generated by utilizing mobile equipment and cloud cryptographic service together, the key is segmented into two parts and is respectively stored by the mobile equipment terminal and a cloud cryptographic server, the method realizes a signature algorithm based on SM2 key segmentation, digital signature is completed by the mobile equipment and the cloud terminal together, the key is ensured not to be leaked in the signature process, and the key security of the mobile equipment terminal can be effectively protected.
The technical scheme adopted by the invention is as follows:
an SM2 algorithm key segmentation signature system comprises a mobile device, a cloud password service and a third-party CA center, wherein the mobile device and the cloud password service respectively generate random numbers, the validity verification of an SM2 key is completed at one end of the mobile device, and the SM2 key is confirmed and generated; the mobile equipment and the cloud password service respectively complete part of the SM2 algorithm digital signature, and finally generate a digital signature at one end of the mobile equipment;
the mobile device is responsible for generating random numbers, completing validity verification of SM2 keys and partial calculation of generating SM2 digital signatures, and in addition, the mobile device can generate temporary keys for communication with cloud encryption services;
the cloud password service is responsible for generating random numbers, transmitting the random numbers with encryption authentication data of a mobile equipment end and realizing partial calculation of an SM2 signature algorithm;
the third party CA center is responsible for issuing the digital certificate, on one hand, issues the certificate for the cloud password service to ensure the legal identity of the cloud password service, and on the other hand, issues the digital certificate for the mobile device to provide legal identity authentication for the password application of the mobile device.
The mobile equipment adopts external hardware to encrypt the terminal equipment.
The cloud password service adopts a hardware password machine or uses a cloud password machine to complete encryption and signature operation.
An SM2 algorithm key splitting signature method comprises a method for splitting key generation and a method for completing digital signature, wherein the method for splitting key generation comprises the following steps:
102, generating a temporary key pair by the mobile equipment, and providing a split key generation request to the cloud password service;
103, the cloud password service generates a random number dc, encrypts the random number dc by using a public key of the mobile device, signs the random number dc by using a self secret key, and sends the random number dc to the mobile device;
104, the mobile equipment decrypts by using a temporary private key, verifies the certificate validity and the signature validity, and obtains a random number dc of the cloud password service;
the method for completing the digital signature comprises the following steps:
step 201, the mobile device calculates a hash value Z of the user, then splices a plaintext M, calculates a digest value thereof, converts the digest value into an integer, and records the integer as e;
In step 102, the mobile device sends a request for generating a split key to the cloud cryptographic service, where the request includes a mobile device identifier, a public key of a temporary key pair, and an application time.
In step 202, the request for generating the split key to the cloud cryptographic service by the mobile device includes a mobile device identifier, a public key of the temporary key pair, and a digest value integer e.
The method of split key generation further comprises:
and step 209, the mobile device verifies the signature value by using the public key certificate thereof.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the invention provides an SM2 algorithm key segmentation signature system and method, which are characterized in that a mobile terminal is combined, an SM2 key is generated by utilizing mobile equipment and cloud password service together, and the key is segmented into two parts which are respectively stored by the mobile equipment terminal and a cloud password server. The process of generating the key adopts the encrypted signature to realize the data interaction between the equipment end and the cloud end, thereby ensuring the transmission safety. The SM signature algorithm based on key segmentation is used for respectively completing calculation by a mobile device end and a cloud end, and random numbers are generated by using a cloud end hardware device in the signature process, so that the generation intensity of the random numbers is also ensured; the key and signature generation is finished at the mobile equipment end, the cloud end cannot obtain the key part of the mobile equipment end, and even the calculated key content cannot be obtained, so that the key safety of the mobile equipment end is ensured. On the other hand, the key is divided, even if part of the key is leaked, a malicious attacker cannot forge the digital signature, and the security of the key is effectively protected. In addition, the mobile device end can also access an external password encryption hardware device to enhance the strength of generating the SM2 key.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a system configuration diagram of an SM2 algorithm key division signature system according to the present invention;
FIG. 2 is a flowchart of a key generation method of the SM2 algorithm key partitioning signature method of the present invention;
fig. 3 is a flow chart of a digital signature method of the SM2 algorithm key partitioning signature method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example one
As shown in fig. 1, the SM2 algorithm key splitting signature system of the embodiment includes a mobile device, a cloud cryptographic service, and a third party CA center. The mobile equipment and the cloud password service respectively generate random numbers, the validity verification of an SM2 key is completed at the mobile equipment end, and the SM2 key is confirmed to be generated; the mobile equipment and the cloud password service respectively complete a part of SM2 algorithm digital signature, and finally generate a digital signature at the mobile equipment end; the SM2 digital signature verification operation based on the method is the same as the standard SM2 algorithm. The mobile device is responsible for generating random numbers, verifying the validity of an SM2 key and partially calculating the generation of an SM2 digital signature, and in addition, the mobile device can generate a temporary key for communication with a cloud encryption service, and the security of the mobile device can be improved by adopting external hardware to encrypt a terminal device. The cloud password service is responsible for generating random numbers, transmitting encryption authentication data of the mobile equipment end and realizing partial calculation of an SM2 signature algorithm, and the cloud password service can adopt a hardware password machine and can also use a cloud password machine to finish operations such as encryption signature and the like. The third-party CA center is mainly responsible for issuing the digital certificate, on one hand, issues the certificate for the cloud password service to ensure the legal identity of the cloud password service, and on the other hand, issues the digital certificate for the mobile device to provide legal identity authentication for the password application of the mobile device.
For clarity of description, it is assumed in this embodiment that the cloud and the device side both use the SM2 algorithm, the encryption key algorithm is the SM2 SM, the SM3SM serves as the digest algorithm, the SM3SM2 SM serves as the signature algorithm, and the digital certificate uses the X509 format. The data format of the mobile device side key generation request is as follows:
ID: mobile device identification
PubKey: public key of temporary key pair
T1: application time
The nonces: disposable digital mark
SigAlg: signature algorithm
Signature: signature value
The data format of the digital signature request of the mobile device side is as follows:
ID: mobile device identification
e: processed plaintext digest value
PubKey: public key of temporary key pair
T1: application time
The nonces: disposable digital mark
SigAlg: signature algorithm
Signature: signature value
It will be appreciated by those skilled in the art that the configurations according to embodiments of the present invention can be applied on other data formats than those using the above data formats.
Example 2:
the SM2 algorithm key splitting signature method of the present embodiment includes a method for splitting key generation and a method for completing digital signature, where the key generation method refers to fig. 2, and includes the following steps:
102, the mobile device generates a temporary key pair, and provides a split key generation request (including a mobile device identifier, a public key of the temporary key pair, application time, and the like) to the cloud cryptographic service;
103, the cloud password service generates a random number dc, encrypts the random number dc by using a public key of the mobile device, signs the random number dc by using a self secret key, and sends the random number dc to the mobile device;
and 104, the mobile equipment firstly decrypts by using the temporary private key, then verifies the certificate validity and the signature validity of the mobile equipment, and obtains the random number dc of the cloud password service.
and step 108, the mobile equipment sends a key generation failure message to the cloud password service, and the step 102 is carried out to apply for the random number again.
Method of completing digital signature referring to fig. 3, comprising the steps of:
step 201, the mobile device calculates a hash value Z of the user, then splices a plaintext M, calculates a digest value thereof, converts the digest value into an integer, and records the integer as e;
and step 209, the mobile device verifies the signature value by using the public key certificate of the mobile device.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (5)
1. An SM2 algorithm key splitting signature method comprises a method for splitting key generation and a method for completing digital signature, wherein the method for splitting key generation comprises the following steps:
step 101, a third party CA center issues a digital certificate for a cloud password service;
102, generating a temporary key pair by the mobile equipment, and providing a split key generation request to the cloud password service;
103, the cloud password service generates a random number dc, encrypts the random number dc by using a public key of the mobile device, signs the random number dc by using a self secret key, and sends the random number dc to the mobile device;
104, the mobile equipment decrypts by using a temporary private key, verifies the certificate validity and the signature validity, and obtains a random number dc of the cloud password service;
step 105, the mobile device generates a random number dm, and calculates d ═ dc × dm-1, d ∈ [ 1; n-2], wherein n is the order of one base point of the SM2 elliptic curve;
step 106, the mobile device calculates a point P ═ P, (xP, yP) ═ d ] G, where G is a base point and (xP, yP) is a coordinate; if P meets the requirement of the SM2 elliptic curve, go to step 107, otherwise go to step 108;
step 107, the mobile device sends a key generation success message to the cloud cryptographic service, wherein the SM2 key pair is (dm x dc-1; P), dm is used as a private key of the mobile device, dc is used as a private key of the cloud cryptographic service, and P is a public key;
step 108, the mobile device sends a key generation failure message to the cloud password service, and goes to step 102 to re-apply for a random number;
step 109, the SM2 divides the key pair to generate successfully, and the third party CA center issues a digital certificate for the key;
the method for completing the digital signature comprises the following steps:
step 201, the mobile device calculates a hash value Z of the user, then splices a plaintext M, calculates a digest value thereof, converts the digest value into an integer, and records the integer as e;
step 202, the mobile device generates a temporary key pair, and provides a split key generation request to the cloud cryptographic service;
step 203, the cloud cryptographic service generates a random number k ∈ [1, n-1], calculates SM2 elliptic curve points (x1, y1) ═ k ] G, calculates r ═ e + x1) mod n, and regenerates the random number if r ═ 0 or r + k ═ n;
step 204, the cloud cryptographic service calculates t ═ k + r × dc-1; encrypting the (r, t) by using a public key of the mobile equipment, signing by using a self secret key, and sending to the mobile equipment;
step 205, the mobile device decrypts by using the temporary private key, and then verifies the certificate validity and the signature validity to obtain (r, t);
step 206, the mobile device calculates s ═ (t-r × dm) × dm-1, if s ═ 0, go to step 207, otherwise go to step 208;
step 207, the mobile device sends a key generation failure message to the cloud cryptographic service, and goes to step 202 to sign again;
step 208, the mobile device sends a signature success message to the cloud cryptographic service, and the signature value of SM2 is (r, s).
2. The SM2 algorithm key splitting signature method of claim 1, wherein in step 102, the mobile device issues a split key generation request to the cloud cryptographic service, including a mobile device identifier, a public key of a temporary key pair, and an application time.
3. The SM2 algorithm key splitting signature method of claim 1, wherein in step 202, the request for generating the split key from the mobile device to the cloud cryptographic service includes a mobile device identifier, a public key of a temporary key pair, and a digest integer e.
4. The SM2 algorithm key splitting signature method of claim 1, wherein the method for generating the splitting key further comprises:
and step 209, the mobile device verifies the signature value by using the public key certificate thereof.
5. A system using the SM2 algorithm key splitting signature method according to claim 1, comprising a mobile device, a cloud cryptographic service and a third party CA center, wherein the mobile device and the cloud cryptographic service each generate a random number, and perform validity verification of an SM2 key at the mobile device side, and confirm generation of an SM2 key; the mobile equipment and the cloud password service respectively complete part of the SM2 algorithm digital signature, and finally generate a digital signature at one end of the mobile equipment;
the mobile device is responsible for generating random numbers, completing validity verification of SM2 keys and partial calculation of generating SM2 digital signatures, and in addition, the mobile device can generate temporary keys for communication with cloud encryption services;
the cloud password service is responsible for generating random numbers, transmitting the random numbers with encryption authentication data of a mobile equipment end and realizing partial calculation of an SM2 signature algorithm;
the third-party CA center is responsible for issuing the digital certificate, on one hand, issuing the certificate for the cloud password service to ensure the legal identity of the cloud password service, and on the other hand, issuing the digital certificate for the mobile equipment to provide legal identity authentication for the password application of the mobile equipment;
the mobile equipment adopts external hardware to encrypt terminal equipment;
the cloud password service adopts a hardware password machine or uses a cloud password machine to complete encryption and signature operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710701512.4A CN107483191B (en) | 2017-08-16 | 2017-08-16 | SM2 algorithm key segmentation signature system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710701512.4A CN107483191B (en) | 2017-08-16 | 2017-08-16 | SM2 algorithm key segmentation signature system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107483191A CN107483191A (en) | 2017-12-15 |
| CN107483191B true CN107483191B (en) | 2020-04-14 |
Family
ID=60599770
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710701512.4A Active CN107483191B (en) | 2017-08-16 | 2017-08-16 | SM2 algorithm key segmentation signature system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107483191B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109600224A (en) * | 2018-11-06 | 2019-04-09 | 卓望数码技术(深圳)有限公司 | A kind of SM2 key generation, endorsement method, terminal, server and storage medium |
| CN109787767B (en) * | 2018-11-30 | 2022-03-15 | 晟安信息技术有限公司 | SM2 collaborative digital signature method and device |
| CN109598126B (en) * | 2018-12-03 | 2021-05-04 | 贵州华芯通半导体技术有限公司 | System safe starting method, device and system based on state cryptographic algorithm |
| CN109639415A (en) * | 2018-12-19 | 2019-04-16 | 南京壹证通信息科技有限公司 | A kind of collaboration key storage restoration methods based on Secret splitting |
| CN110572258B (en) * | 2019-07-24 | 2021-12-14 | 中国科学院数据与通信保护研究教育中心 | Cloud password computing platform and computing service method |
| CN111800377B (en) * | 2020-05-20 | 2023-03-24 | 中国电力科学研究院有限公司 | Mobile terminal identity authentication system based on safe multi-party calculation |
| CN111917756B (en) * | 2020-07-27 | 2022-05-27 | 杭州叙简科技股份有限公司 | Encryption system and encryption method of law enforcement recorder based on public key routing |
| CN113055161B (en) * | 2021-03-09 | 2021-11-26 | 武汉大学 | Mobile terminal authentication method and system based on SM2 and SM9 digital signature algorithms |
| CN114650136B (en) * | 2022-05-18 | 2022-10-04 | 杭州天谷信息科技有限公司 | Electronic signature method and device based on hybrid cloud |
| CN115002759A (en) * | 2022-06-14 | 2022-09-02 | 北京电子科技学院 | Cloud collaborative signature system and method based on cryptographic algorithm |
| CN116015679B (en) * | 2022-12-20 | 2024-04-30 | 浪潮云信息技术股份公司 | Government cloud multi-cloud management authentication system based on SM2 digital signature |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580250A (en) * | 2015-01-29 | 2015-04-29 | 成都卫士通信息产业股份有限公司 | System and method for authenticating credible identities on basis of safety chips |
| CN106506170A (en) * | 2016-12-15 | 2017-03-15 | 北京三未信安科技发展有限公司 | A kind of distributed signature method and system based on RSA |
| CN106506156A (en) * | 2016-12-15 | 2017-03-15 | 北京三未信安科技发展有限公司 | A kind of distributed Threshold Signature method based on elliptic curve |
| CN106603246A (en) * | 2017-01-22 | 2017-04-26 | 武汉理工大学 | SM2 digital signature segmentation generation method and system |
| CN106713279A (en) * | 2016-11-29 | 2017-05-24 | 北京航天爱威电子技术有限公司 | Video terminal identity authentication system |
| CN106850229A (en) * | 2017-01-22 | 2017-06-13 | 武汉理工大学 | SM2 digital signature generation method and system based on the secret segmentation of product |
| CN106851635A (en) * | 2016-12-15 | 2017-06-13 | 北京三未信安科技发展有限公司 | A kind of distributed signature method and system of identity-based |
| CN106961336A (en) * | 2017-04-18 | 2017-07-18 | 北京百旺信安科技有限公司 | A kind of key components trustship method and system based on SM2 algorithms |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100720726B1 (en) * | 2003-10-09 | 2007-05-22 | 삼성전자주식회사 | Security system using ??? algorithm and method thereof |
-
2017
- 2017-08-16 CN CN201710701512.4A patent/CN107483191B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580250A (en) * | 2015-01-29 | 2015-04-29 | 成都卫士通信息产业股份有限公司 | System and method for authenticating credible identities on basis of safety chips |
| CN106713279A (en) * | 2016-11-29 | 2017-05-24 | 北京航天爱威电子技术有限公司 | Video terminal identity authentication system |
| CN106506170A (en) * | 2016-12-15 | 2017-03-15 | 北京三未信安科技发展有限公司 | A kind of distributed signature method and system based on RSA |
| CN106506156A (en) * | 2016-12-15 | 2017-03-15 | 北京三未信安科技发展有限公司 | A kind of distributed Threshold Signature method based on elliptic curve |
| CN106851635A (en) * | 2016-12-15 | 2017-06-13 | 北京三未信安科技发展有限公司 | A kind of distributed signature method and system of identity-based |
| CN106603246A (en) * | 2017-01-22 | 2017-04-26 | 武汉理工大学 | SM2 digital signature segmentation generation method and system |
| CN106850229A (en) * | 2017-01-22 | 2017-06-13 | 武汉理工大学 | SM2 digital signature generation method and system based on the secret segmentation of product |
| CN106961336A (en) * | 2017-04-18 | 2017-07-18 | 北京百旺信安科技有限公司 | A kind of key components trustship method and system based on SM2 algorithms |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107483191A (en) | 2017-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107483191B (en) | SM2 algorithm key segmentation signature system and method | |
| CN107483212B (en) | Method for generating digital signature by cooperation of two parties | |
| CN107579819B (en) | A kind of SM9 digital signature generation method and system | |
| CN109088726B (en) | SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties | |
| CN109274503A (en) | Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system | |
| CN101789865B (en) | Dedicated server used for encryption and encryption method | |
| WO2021012574A1 (en) | Multisignature method, signature center, medium and electronic device | |
| US11930103B2 (en) | Method, user device, management device, storage medium and computer program product for key management | |
| US20170374033A1 (en) | Authentication via revocable signatures | |
| CN107425971B (en) | Certificateless data encryption/decryption method and device and terminal | |
| CN103067160A (en) | Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD) | |
| CN107360002B (en) | Application method of digital certificate | |
| JP2020532928A (en) | Digital signature methods, devices and systems | |
| CN110138567A (en) | A kind of collaboration endorsement method based on ECDSA | |
| CN101931536B (en) | Method for encrypting and authenticating efficient data without authentication center | |
| CN113067823B (en) | Mail user identity authentication and key distribution method, system, device and medium | |
| CN110336664B (en) | SM2 cryptographic algorithm-based cross-domain authentication method for information service entity | |
| WO2023184858A1 (en) | Timestamp generation method and apparatus, and electronic device and storage medium | |
| CN114726546A (en) | Digital identity authentication method, device, equipment and storage medium | |
| CN113382002A (en) | Data request method, request response method, data communication system, and storage medium | |
| CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
| US11570008B2 (en) | Pseudonym credential configuration method and apparatus | |
| CN113468582A (en) | Anti-quantum computing encryption communication method | |
| CN104868994A (en) | Collaboration secret key management method, device and system | |
| CN110048852B (en) | Quantum communication service station digital signcryption method and system based on asymmetric key pool |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200317 Address after: 250100 Ji'nan high tech Zone, Shandong, No. 1036 wave road Applicant after: INSPUR GROUP Co.,Ltd. Address before: 250100, Ji'nan province high tech Zone, Sun Village Branch Road, No. 2877, building, floor, building, on the first floor Applicant before: JINAN INSPUR HIGH-TECH TECHNOLOGY DEVELOPMENT Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230322 Address after: 250000 building S02, No. 1036, Langchao Road, high tech Zone, Jinan City, Shandong Province Patentee after: Shandong Inspur Scientific Research Institute Co.,Ltd. Address before: No. 1036, Shandong high tech Zone wave road, Ji'nan, Shandong Patentee before: INSPUR GROUP Co.,Ltd. |
|
| TR01 | Transfer of patent right |