CN107979461A - Key recovery method, device, terminal, key escrow server and computer-readable storage medium
Classifications
- H: ELECTRICITY
- H04: ELECTRIC COMMUNICATION TECHNIQUE
- H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
- H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
This application discloses a key recovery method, device, terminal, key escrow server and computer-readable storage medium, and relates to the field of data encryption. The method includes: obtaining a threshold k; sending, according to the threshold k, at least k acquisition requests to a key escrow server, where the key escrow server is connected to m storage nodes and the target key is divided into n sub-key strings that are stored in n storage nodes respectively, 2≤k≤n≤m; obtaining at least k sub-key strings fed back by the key escrow server; and reconstructing the target key from the at least k sub-key strings. The key is segmented into multiple sub-key strings, which are stored separately in multiple storage nodes. Because many storage nodes are used to store sub-key strings, a malicious person who attacks the storage nodes with a hacking program does not know which storage nodes hold the sub-key strings of the target key, so security is higher.
Description
Technical field
This application relates to the field of data encryption, and in particular to a key recovery method, device, terminal, key escrow server and computer-readable storage medium.
Background
Asymmetric encryption is an encryption scheme that uses a public key and a private key. In general, the server side holds the public key and the user side holds the private key. When the user forgets the private key, the private key has to be recovered.
In the related art, a backup of the key is kept by the server. When obtaining the key for the first time, the user registers a private mailbox with the server. When the user needs to recover the key, the user submits a key recovery request to the server. In response to the request, the server sends the key to the registered private mailbox. The user opens the mailbox and views the recovered key.
When a malicious person attacks the server with a hacking program, the user's key can be obtained directly, so the security of the above key recovery method is poor.
Summary of the invention
The embodiments of this application provide a key recovery method, device, terminal, key escrow server and readable medium, which can solve the problem that a malicious person can directly obtain a user's key by attacking the server. The technical solution is as follows:
In a first aspect, a key recovery method is provided, the method including:
obtaining a threshold k;
sending, according to the threshold k, at least k acquisition requests to a key escrow server, where the i-th acquisition request is used to request the i-th sub-key string of a target key, the key escrow server is connected to m storage nodes, and the target key is divided into n sub-key strings that are stored in the n storage nodes respectively, 0≤i≤k, 2≤k≤n≤m;
obtaining at least k sub-key strings fed back by the key escrow server;
reconstructing the target key from the at least k sub-key strings.
In a second aspect, a key recovery method is provided, applied in a key escrow server that is connected to m storage nodes, the method including:
receiving at least k acquisition requests sent by a terminal, where the i-th acquisition request is used to request the i-th sub-key string of a target key, and the target key is divided into n sub-key strings that are stored in the n storage nodes respectively, 0≤i≤k, 2≤k≤n≤m;
obtaining, according to the at least k acquisition requests, at least k sub-key strings from the n storage nodes;
sending the at least k sub-key strings to the terminal.
In a third aspect, a key recovery device is provided, the device including:
a first acquisition module, configured to obtain a threshold k;
a first sending module, configured to send, according to the threshold k, at least k acquisition requests to a key escrow server, where the i-th acquisition request is used to request the i-th sub-key string of a target key, the key escrow server is connected to m storage nodes, and the target key is divided into n sub-key strings that are stored in the n storage nodes respectively, 0≤i≤k, 2≤k≤n≤m;
the first acquisition module being further configured to obtain at least k sub-key strings fed back by the key escrow server;
a reconstruction module, configured to reconstruct the target key from the at least k sub-key strings.
In a fourth aspect, a key recovery device is provided, the device being connected to m storage nodes and including:
a receiving module, configured to receive at least k acquisition requests sent by a terminal, where the i-th acquisition request is used to request the i-th sub-key string of a target key, and the target key is divided into n sub-key strings that are stored in the n storage nodes respectively, 0≤i≤k, 2≤k≤n≤m;
a second acquisition module, configured to obtain, according to the at least k acquisition requests, at least k sub-key strings from the n storage nodes;
a second sending module, configured to send the at least k sub-key strings to the terminal.
In a fifth aspect, a terminal is provided. The terminal includes a processor and a memory; the memory stores at least one instruction, at least one program, a code set or an instruction set, which is loaded and executed by the processor to implement the key recovery method of the first aspect of the embodiments of this application or any of its optional embodiments.
In a sixth aspect, a key escrow server is provided. The key escrow server includes a processor and a memory; the memory stores at least one instruction, at least one program, a code set or an instruction set, which is loaded and executed by the processor to implement the key recovery method of the second aspect of the embodiments of this application or any of its optional embodiments.
In a seventh aspect, a computer-readable storage medium is provided. The storage medium stores at least one instruction, at least one program, a code set or an instruction set, which is loaded and executed by the processor to implement the key recovery method of the first aspect of the embodiments of this application or any of its optional embodiments.
In an eighth aspect, a computer-readable storage medium is provided. The storage medium stores at least one instruction, at least one program, a code set or an instruction set, which is loaded and executed by the processor to implement the key recovery method of the second aspect of the embodiments of this application or any of its optional embodiments.
The beneficial effects of the technical solution provided by the embodiments of this application include at least the following:
The target key is segmented into multiple sub-key strings, and the sub-key strings are stored separately in multiple storage nodes. Because many storage nodes are used for storage, and the sub-key strings stored on different storage nodes are unknown to each other, a malicious person who attacks the storage nodes with a hacking program does not know which storage nodes hold the sub-key strings of the target key, and cannot obtain all the sub-key strings by compromising a single storage node, so security is higher.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of this application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of a key recovery system provided by an exemplary embodiment of this application;
Fig. 2 is a flowchart of a key recovery method provided by an exemplary embodiment of this application;
Fig. 3 is a flowchart of a key recovery method provided by another exemplary embodiment of this application;
Fig. 4 is a flowchart of a key recovery method provided by another exemplary embodiment of this application;
Fig. 5 is a flowchart of a key recovery method provided by another exemplary embodiment of this application;
Fig. 6 is a flowchart of segmented key storage provided by an exemplary embodiment of this application;
Fig. 7 is a flowchart of segmented key acquisition shown in an exemplary embodiment of this application;
Fig. 8 is a block diagram of a key recovery device shown in an exemplary embodiment of this application;
Fig. 9 is a block diagram of a key recovery device shown in another exemplary embodiment of this application;
Fig. 10 is a block diagram of the structure of a terminal provided by an exemplary embodiment of this application;
Fig. 11 is a block diagram of the structure of a key escrow server provided by another exemplary embodiment of this application.
Detailed description
To make the objectives, technical solutions and advantages of this application clearer, the embodiments of this application are described in further detail below with reference to the drawings.
Fig. 1 is a block diagram of a key recovery system provided by an exemplary embodiment of this application. As shown in Fig. 1, the key recovery system includes a terminal 11, a key escrow server 12, m storage nodes 13 and a communication network 14, where:
Terminal 11 is used to split the target key into n sub-key strings and store them in n storage nodes 13. When the target key needs to be recovered, terminal 11 obtains the sub-key strings of the segmented target key and reconstructs the key. Optionally, terminal 11 is also used to obtain the target key, for example: terminal 11 obtains the target key from a server that distributes keys, and segments the obtained target key into multiple sub-key strings. Illustratively, terminal 11 can be a mobile terminal, such as any one of a mobile phone, a tablet and a portable notebook computer.
Terminal 11 is connected to the key escrow server 12 through the communication network 14. The communication network 14 can be a wired network or a wireless network.
The key escrow server 12 is used to route messages between terminal 11 and the storage nodes 13. That is, according to a received acquisition request (used to obtain the target key), the key escrow server 12 looks up the IP address corresponding to the storage node and forwards the acquisition request to terminal 11. Optionally, the key escrow server stores a table that maps the identifier of each storage node to the IP address of that storage node.
The key escrow server 12 is connected to the storage nodes 13 through the communication network 14.
The storage nodes 13 are used to store the sub-key strings of the key segmented in terminal 11. Optionally, the storage nodes 13 include storage node 131, storage node 132, storage node 133 and storage node 134. For the same target key, a sub-key string can be stored in only one storage node. The sub-key strings stored on any two storage nodes are unknown to each other.
The above embodiment is described with a key recovery system that includes 4 storage nodes as an example. In practice the number of storage nodes 13 can be larger or smaller, and the embodiments of this application do not limit it.
Fig. 2 is a flowchart of a key recovery method provided by an exemplary embodiment of this application. The method is described as applied in the key recovery system shown in Fig. 1, with m storage nodes. As shown in Fig. 2, the key recovery method includes two stages:
First, the key backup stage:
Step 201: the terminal divides the target key into n sub-key strings according to the threshold k.
Optionally, the threshold k is manually selected by the user, or is preset by the terminal, or is randomly generated by the terminal.
Optionally, the terminal divides the target key into n sub-key strings using the Lagrange interpolation algorithm and according to the threshold k. Any k or more of the n sub-key strings can reconstruct the target key.
Illustratively, the terminal divides the target key into n interrelated sub-key strings using the Lagrange interpolation algorithm and the threshold k. Optionally, the n interrelated sub-key strings are determined by a polynomial that the Lagrange interpolation algorithm determines, where any k or more of the n sub-key strings can reconstruct the target key.
Step 202: the terminal sends n storage requests to the key escrow server.
Optionally, the i-th storage request is used to request that the i-th sub-key string of the target key be stored on the i-th storage node, where the key escrow server is connected to m storage nodes, 0≤i≤n, 2≤k≤n≤m.
Optionally, there are m storage nodes in total and the target key is divided into n sub-key strings, n≤m. A storage node can store only one sub-key string of the target key. Which storage node each sub-key string is stored on can be chosen by the user, or the storage nodes that store the sub-key strings of the target key can be selected at random by the terminal. When the user makes the choice, a storage node that has already been selected cannot be selected a second time.
The terminal can also store the correspondence between the first identifier of a sub-key string and the second identifier of the storage node that stores that sub-key string.
Step 203: the key escrow server receives the n storage requests sent by the terminal.
Step 204: the key escrow server stores the n sub-key strings on n storage nodes according to the n storage requests.
Optionally, the key escrow server stores the IP address of each storage node and, according to the n storage requests, stores the n sub-key strings on the corresponding storage nodes.
Step 205: the terminal obtains the storage result fed back by the key escrow server.
Optionally, the storage result that the key escrow server sends to the terminal includes a storage success response or a storage failure response.
Steps 203, 204 and 205 can be executed in a loop n times: when the i-th storage succeeds, the (i+1)-th storage process is performed.
Second, the key recovery stage:
Step 206: the terminal obtains the threshold k.
The threshold k determines the minimum number of sub-key strings needed to reconstruct the target key; a sub-key string is a substring obtained after the terminal segments the target key.
Illustratively, the terminal includes a key segmentation interface, which is an API (Application Programming Interface) for segmenting keys. Through this interface the terminal has divided the target key into n segments, that is, into n sub-key strings, with k as the threshold; the target key can then be reconstructed from at least k of the n sub-key strings, where 2≤k≤n.
Step 207: the terminal sends at least k acquisition requests to the key escrow server according to the threshold k.
An acquisition request is used to obtain a sub-key string of the target key. Optionally, the i-th acquisition request is used to request the i-th sub-key string of the target key; the key escrow server is connected to m storage nodes, which are used to store the sub-key strings of the target key; the target key is divided into n sub-key strings that are stored in n storage nodes respectively, 0≤i≤k, 2≤k≤n≤m.
Optionally, there are m storage nodes in total and the target key is divided into n sub-key strings, n≤m. A storage node can store only one sub-key string of the target key. Which storage node each sub-key string is stored on can be chosen by the user, or the storage nodes that store the sub-key strings of the target key can be selected at random by the terminal. When the user makes the choice, a storage node that has already been selected cannot be selected a second time.
Step 208: the key escrow server receives the at least k acquisition requests sent by the terminal.
Optionally, the terminal can send k acquisition requests to the key escrow server to obtain k sub-key strings, or it can send more than k and at most n acquisition requests to obtain more than k and at most n sub-key strings.
Step 209: the key escrow server obtains at least k sub-key strings from the n storage nodes according to the at least k acquisition requests.
Optionally, the key escrow server stores the IP address of each storage node and, according to the at least k acquisition requests and the IP address of each storage node, obtains the sub-key strings from the corresponding storage nodes.
Step 210: the key escrow server sends the at least k sub-key strings to the terminal.
The key escrow server sends the at least k sub-key strings it has received to the terminal, and the terminal reconstructs the target key from the at least k sub-key strings it receives.
Step 211: the terminal obtains the at least k sub-key strings fed back by the key escrow server.
Step 212: the terminal reconstructs the target key from the at least k sub-key strings.
Optionally, the terminal reconstructs the target key from the at least k sub-key strings using the Lagrange interpolation algorithm.
Illustratively, a polynomial can be obtained according to the Lagrange interpolation algorithm, through which the at least k sub-key strings are linked together and the target key is reconstructed.
In summary, in the key recovery method provided by this embodiment, the target key is segmented into multiple sub-key strings, which are stored separately in multiple storage nodes. Because many storage nodes are used to store sub-key strings, and the sub-key strings stored on different storage nodes are unknown to each other, a malicious person who attacks the storage nodes with a hacking program does not know which storage nodes hold the sub-key strings of the target key, and cannot obtain all the sub-key strings by compromising a single storage node, so security is higher.
In an optional embodiment, the acquisition request sent by the terminal includes the first identifier of the sub-key string to be obtained and the second identifier of the storage node that stores that sub-key string; the key escrow server obtains the sub-key string from the corresponding storage node according to the first identifier and the second identifier.
Fig. 3 is a flowchart of a key recovery method provided by another exemplary embodiment of this application. As shown in Fig. 3, the key recovery method includes:
Step 301: the terminal obtains the threshold k.
The threshold k determines the minimum number of sub-key strings needed to reconstruct the target key; a sub-key string is a substring obtained after the terminal segments the target key.
Illustratively, the terminal includes a key segmentation interface, which is an API for segmenting keys. Through this interface the terminal has divided the target key into n segments, that is, into n sub-key strings, and determined k as the threshold; the target key can then be reconstructed from at least k of the n sub-key strings, where 2≤k≤n, and the k sub-key strings can be any k of the n sub-key strings.
Optionally, the threshold k is manually selected by the user, or is preset by the terminal, or is randomly generated by the terminal.
Step 302: the terminal obtains the pre-stored correspondence.
Optionally, the terminal holds a pre-stored correspondence between the first identifiers of sub-key strings and the second identifiers of storage nodes. Optionally, the correspondence includes the first identifier of every sub-key string and the second identifier of the storage node that stores that sub-key string.
Illustratively, with 4 sub-key strings and 6 storage nodes as an example, the correspondence between first identifiers and second identifiers is shown in Table 1 below:
Table 1
Sub-key string | Storage node |
1st sub-key string | Node2 |
2nd sub-key string | Node5 |
3rd sub-key string | Node3 |
4th sub-key string | Node1 |
Step 303: the terminal determines the first identifier of the i-th sub-key string to be obtained.
Optionally, the terminal obtains the sub-key strings one by one. When obtaining the i-th sub-key string, it first determines the first identifier of the i-th sub-key string to be obtained.
Step 304: the terminal looks up the second identifier of the i-th storage node in the correspondence, according to the first identifier of the i-th sub-key string.
Optionally, the terminal stores the correspondence between the first identifier of the i-th sub-key string and the second identifier of the storage node that stores it, and uses this correspondence to look up the second identifier of the i-th storage node that corresponds to the i-th sub-key string.
Illustratively, the terminal determines that the sub-key string to be obtained is the 2nd sub-key string; according to Table 1, the terminal finds that the second identifier of the storage node corresponding to the 2nd sub-key string is Node5.
Step 305: the terminal sends the i-th acquisition request to the key escrow server.
The i-th acquisition request carries the first identifier of the i-th sub-key string and the second identifier of the i-th storage node. Optionally, the i-th acquisition request is used to request the i-th sub-key string of the target key.
Illustratively, if the sub-key string to be obtained is the 2nd sub-key string, the acquisition request includes "2nd sub-key string" and "Node5".
Optionally, the i-th acquisition request also includes the terminal identifier of the terminal and the IP address of the terminal.
Step 306: the key escrow server receives the i-th acquisition request sent by the terminal.
Step 307: the key escrow server looks up the IP address of the i-th storage node according to the second identifier of the i-th storage node carried in the i-th acquisition request.
Optionally, the key escrow server stores the correspondence between the second identifiers of all m storage nodes and the IP address of each storage node, and looks up the IP address of the i-th storage node by combining the second identifier carried in the i-th acquisition request with this correspondence.
Illustratively, with 6 storage nodes in total as an example, the correspondence between the second identifiers of all storage nodes and the IP address of each storage node is shown in Table 2 below:
Table 2
Second identifier | IP address |
Node1 | 152.1.1.0 |
Node2 | 152.2.1.1 |
Node3 | 152.2.5.15 |
Node4 | 152.1.1.250 |
Node5 | 152.1.2.0 |
Node6 | 152.3.1.0 |
Note that the i-th acquisition request that the key escrow server receives from the terminal includes the first identifier of the i-th sub-key string and the second identifier of the storage node, but the key escrow server does not hold the correspondence between the first identifier of the i-th sub-key string and the second identifier of the storage node, and does not store that correspondence when it receives it.
Step 308: the key escrow server locates the i-th storage node by its IP address and, according to the first identifier of the i-th sub-key string carried in the i-th acquisition request, obtains the i-th sub-key string from the i-th storage node.
Optionally, when the key escrow server obtains the i-th sub-key string from the i-th storage node, it sends a substring acquisition request for the i-th sub-key string. The substring acquisition request includes the first identifier of the i-th sub-key string and a tokenID, and the i-th storage node uses the tokenID to confirm that the substring acquisition request it received was sent by the key escrow server.
Optionally, the substring acquisition request includes the IP address of the key escrow server, and the i-th storage node sends the i-th sub-key string to the key escrow server at that IP address.
Optionally, when the i-th storage node sends the i-th sub-key string to the key escrow server, it returns the tokenID to the key escrow server. The key escrow server uses the tokenID to confirm that the i-th sub-key string it received was sent by the i-th storage node and corresponds to the target key.
Step 309: the key escrow server sends the i-th sub-key string to the terminal.
Optionally, the key escrow server sends the i-th sub-key string to the terminal according to the terminal identifier and the IP address of the terminal.
Step 310: the terminal obtains at least k sub-key strings fed back by the key escrow server.
Steps 302 to 309 above are executed in a loop at least k times: when the i-th acquisition succeeds, the (i+1)-th acquisition process is performed. In this way the terminal obtains at least k sub-key strings fed back by the key escrow server.
Step 311: the terminal reconstructs the target key from the at least k sub-key strings.
Optionally, the terminal reconstructs the target key from the at least k sub-key strings using the Lagrange interpolation algorithm.
In summary, the key is segmented into multiple sub-key strings, which are stored separately in multiple storage nodes. Because many storage nodes are used to store sub-key strings, and the sub-key strings stored on different storage nodes are unknown to each other, a malicious person who attacks the storage nodes with a hacking program does not know which storage nodes hold sub-key strings, and cannot obtain all the sub-key strings by compromising a single storage node, so security is higher.
Because the key management server stores only the correspondence between storage nodes and their IP addresses, and does not store the correspondence between a sub-key string and the storage node that stores it, a hacker cannot obtain the correspondence between sub-key strings and the storage nodes that store them by compromising the key management server.
Note that before step 305 in the above embodiment, the terminal can perform mutual certificate authentication with the key escrow server.
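The retrieval flow of steps 303 to 310, as an added example that is not code from the patent. It uses the values of Table 1 and Table 2; the class and function names are hypothetical, the network is replaced by an in-memory lookup, the sub-key strings are constructed placeholders, and the tokenID is assumed to be a per-node value provisioned in advance, since the page does not say how it is issued.

```python
import hmac
import secrets

# Table 2 from the page: second identifier -> IP address (held by the escrow server).
NODE_IPS = {
    "Node1": "152.1.1.0", "Node2": "152.2.1.1", "Node3": "152.2.5.15",
    "Node4": "152.1.1.250", "Node5": "152.1.2.0", "Node6": "152.3.1.0",
}
# Table 1 from the page: first identifier -> second identifier (held only by the terminal).
SUBKEY_TO_NODE = {1: "Node2", 2: "Node5", 3: "Node3", 4: "Node1"}


class StorageNode:
    def __init__(self, token_id):
        self._token_id = token_id   # assumption: provisioned out of band
        self._substrings = {}       # first identifier -> sub-key string

    def store(self, first_id, substring):
        self._substrings[first_id] = substring

    def handle_substring_request(self, first_id, token_id):
        # Serve only requests that carry the escrow server's tokenID (step 308).
        if not hmac.compare_digest(token_id, self._token_id):
            return None
        if first_id not in self._substrings:
            return None
        # The tokenID is returned with the sub-key string so the server can check it.
        return {"substring": self._substrings[first_id], "tokenID": self._token_id}


class EscrowServer:
    """Routes requests. Its state has no first-identifier -> node mapping."""

    def __init__(self, node_ips, tokens, network):
        self._node_ips = dict(node_ips)  # second identifier -> IP address
        self._tokens = dict(tokens)      # second identifier -> tokenID
        self._network = network          # IP -> StorageNode, stands in for the network

    def handle_acquisition_request(self, first_id, second_id):
        ip = self._node_ips.get(second_id)                 # step 307
        if ip is None:
            return None
        expected = self._tokens[second_id]
        reply = self._network[ip].handle_substring_request(first_id, expected)
        if reply is None or not hmac.compare_digest(reply["tokenID"], expected):
            return None
        return reply["substring"]                          # step 309, nothing recorded


def recover_substrings(escrow, mapping, k):
    """Terminal side: repeat steps 303 to 309 until k sub-key strings are held."""
    got = {}
    for first_id, second_id in mapping.items():
        if len(got) >= k:
            break
        substring = escrow.handle_acquisition_request(first_id, second_id)
        if substring is not None:
            got[first_id] = substring
    if len(got) < k:
        raise RuntimeError("fewer than k sub-key strings could be obtained")
    return got


def build_demo():
    """Constructed deployment: six nodes, four placeholder sub-key strings."""
    tokens = {nid: secrets.token_hex(16) for nid in NODE_IPS}
    nodes = {nid: StorageNode(tokens[nid]) for nid in NODE_IPS}
    network = {NODE_IPS[nid]: node for nid, node in nodes.items()}
    for first_id, second_id in SUBKEY_TO_NODE.items():
        nodes[second_id].store(first_id, f"constructed-substring-{first_id}".encode())
    return EscrowServer(NODE_IPS, tokens, network), nodes


if __name__ == "__main__":
    escrow, _ = build_demo()
    print(sorted(recover_substrings(escrow, SUBKEY_TO_NODE, 3)))
```

The tokenID is modelled as a static value, which only holds up if the link between the escrow server and the storage nodes is itself protected against eavesdropping and replay.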
Fig. 4 is a flowchart of a key recovery method provided by another exemplary embodiment of this application. As shown in Fig. 4, the key recovery method includes two stages:
First, the key backup stage:
Step 401: the terminal divides the target key into n sub-key strings according to the threshold k.
Optionally, the threshold k is manually selected by the user, or is preset by the terminal, or is randomly generated by the terminal.
Optionally, the terminal divides the target key into n sub-key strings using the Lagrange interpolation algorithm. Any k or more of the n sub-key strings can reconstruct the target key.
Illustratively, the terminal divides the target key into n sub-key strings using the Lagrange interpolation algorithm and according to the threshold k. Optionally, the n interrelated sub-key strings are determined by a polynomial that the Lagrange interpolation algorithm determines, where any k or more of the n sub-key strings can reconstruct the target key.
Schematically, by Lagrange's interpolation algorithm and according to threshold value k, target secret key is divided into n son
The process of secret key string is as follows, wherein, k≤n:
1. The target secret key is divided into n sub-secret key strings, giving the set of sub-secret key strings $\{x_1, x_2, \ldots, x_n\}$, where different sub-secret key strings have different $ID_i$, $i \in [1, n]$.
Let $a_0 = A$, and randomly choose k-1 polynomial parameters (such as $a_1, a_2, \ldots, a_{k-1}$) to construct a polynomial, where for each sub-secret key string x:
$$f(x) = a_0 + a_1 x + \cdots + a_{k-1} x^{k-1}$$
2. Compute the sub-secret key strings $x_i = f(ID_i)$, $i \in [1, n]$, to obtain each sub-secret key string.
Step 402, the terminal sends n storage requests to the key escrow server.
Optionally, the i-th storage request asks for the i-th sub-secret key string of the target secret key to be stored in the i-th storage node, where the key escrow server is connected to m storage nodes, 0≤i≤n, 2≤k≤n≤m.
Optionally, there are m storage nodes in total and the target secret key is divided into n sub-secret key strings, n≤m. One storage node can store only one sub-secret key string of the target secret key. The storage node on which each sub-secret key string is stored can be chosen by the user, or can be selected at random by the terminal. When the user chooses, a storage node that has already been selected cannot be selected a second time.
In addition, the terminal can also store the correspondence between the first identifier of a sub-secret key string and the second identifier of the storage node that stores that sub-secret key string.
Step 403, the key escrow server receives the n storage requests sent by the terminal.
Step 404, the key escrow server stores the n sub-secret key strings on n storage nodes according to the n storage requests.
Optionally, the key escrow server stores the IP address of each storage node, and stores the n sub-secret key strings to the corresponding storage nodes according to the n storage requests.
Step 405, the terminal obtains the storage result fed back by the key escrow server.
Optionally, the storage result sent by the key escrow server to the terminal includes a storage success response or a storage failure response.
Steps 403, 404 and 405 can be executed in a loop n times; when the i-th storage succeeds, the (i+1)-th storage process is performed.
Second, the secret key retrieval stage;
Step 406, the terminal obtains the threshold value k.
The threshold value k determines the minimum number of sub-secret key strings needed to rebuild the target secret key; a sub-secret key string is a substring obtained after the terminal segments the target secret key.
Step 407, the terminal obtains the pre-stored correspondence.
Optionally, the pre-stored correspondence is saved in the terminal and comprises the correspondence between the first identifier of a sub-secret key string and the second identifier of a storage node. Optionally, it includes the first identifier of every sub-secret key string and the second identifier of the storage node that stores that sub-secret key string.
Step 408, the terminal determines the first identifier of the i-th sub-secret key string to be obtained.
Optionally, the sub-secret key strings are obtained one by one; when obtaining the i-th sub-secret key string, the first identifier of the i-th sub-secret key string to be obtained is determined first.
Step 409, the terminal looks up the second identifier of the i-th storage node in the correspondence according to the first identifier of the i-th sub-secret key string.
Optionally, the terminal stores the correspondence between the first identifier of the i-th sub-secret key string and the second identifier of the storage node that stores it, and the second identifier of the i-th storage node corresponding to the i-th sub-secret key string is looked up through this correspondence.
Step 410, the terminal sends the first certification certificate to the key escrow server.
Optionally, the first certification certificate includes first signature information and other information. The first signature information is encrypted with the first private key of the terminal, and the first signature information in the first certification certificate can be decrypted with the second public key of the key escrow server, which ensures the communication security between the terminal and the key escrow server.
Step 411, the key escrow server authenticates the first certification certificate.
Optionally, the key escrow server performs a predetermined computation on the other information in the first certification certificate to obtain a first result, and decrypts the first signature information with the second public key to obtain a second result; if the first result corresponds to the second result, the first certification certificate is authenticated successfully.
Step 412, the key escrow server sends the second certification certificate to the terminal.
Optionally, after the key escrow server successfully authenticates the first certification certificate, it sends the second certification certificate to the terminal. The second certification certificate includes second signature information and other information; the second signature information is encrypted with the second private key of the key escrow server, and the second signature information in the second certification certificate can be decrypted with the first public key of the terminal, which ensures the communication security between the terminal and the key escrow server.
Step 413, the terminal receives the second certification certificate.
Optionally, the terminal performs a predetermined computation on the other information in the second certification certificate to obtain a third result, and decrypts the second signature information with the first public key to obtain a fourth result; if the third result corresponds to the fourth result, the second certification certificate is authenticated successfully.
Step 414, the terminal sends the i-th acquisition request to the key escrow server.
Optionally, the terminal matches the received server identifier against the stored server identifier of the key escrow server; when the match shows that the received server identifier is the server identifier of that key escrow server, authentication succeeds and the terminal sends the i-th acquisition request to the key escrow server.
The i-th acquisition request carries the first identifier of the i-th sub-secret key string and the second identifier of the i-th storage node; optionally, the i-th acquisition request is used to request the i-th sub-secret key string of the target secret key.
Step 415, the key escrow server receives the i-th acquisition request sent by the terminal.
Step 416, the key escrow server looks up the IP address of the i-th storage node according to the second identifier of the i-th storage node carried in the i-th acquisition request.
Optionally, the key escrow server stores the correspondence between the second identifiers of all m storage nodes and the IP address of each storage node, and uses the second identifier of the i-th storage node carried in the i-th acquisition request together with this correspondence to look up the IP address of the i-th storage node.
It is worth noting that the i-th acquisition request received by the key escrow server from the terminal includes the first identifier of the i-th sub-secret key string and the second identifier of the storage node, but the key escrow server does not hold the correspondence between the first identifier of the i-th sub-secret key string and the second identifier of the storage node, and does not store the correspondence between the received first identifier of the i-th sub-secret key string and the second identifier of the storage node.
Step 417, the key escrow server locates the i-th storage node by its IP address and, according to the first identifier of the i-th sub-secret key string carried in the i-th acquisition request, obtains the i-th sub-secret key string from the i-th storage node.
Optionally, when the key escrow server obtains the i-th sub-secret key string from the i-th storage node, it sends a substring acquisition request for the i-th sub-secret key string. The substring acquisition request includes the first identifier of the i-th sub-secret key string and a tokenID, and the i-th storage node uses the tokenID to confirm that the received substring acquisition request was sent by the key escrow server.
Optionally, the sub-secret key string acquisition request includes the IP address of the key escrow server, and the i-th storage node sends the i-th sub-secret key string to the key escrow server according to that IP address.
Optionally, when the i-th storage node sends the i-th sub-secret key string to the key escrow server, it returns the tokenID to the key escrow server, and the key escrow server uses the tokenID to confirm that the received i-th sub-secret key string was sent by the i-th storage node and corresponds to the target secret key.
Step 418, the key escrow server sends the i-th sub-secret key string to the terminal.
Optionally, the key escrow server stores the correspondence between terminal identifiers and terminal IP addresses, obtains the IP address of the terminal from the terminal identifier corresponding to the i-th sub-secret key string, and sends the i-th sub-secret key string to the terminal.
Step 419, the terminal obtains at least k sub-secret key strings fed back by the key escrow server.
Steps 414 to 418 are executed in a loop at least k times; when the i-th acquisition succeeds, the (i+1)-th acquisition process is performed, i.e. the terminal obtains at least k sub-secret key strings fed back by the key escrow server. The at least k sub-secret key strings obtained are at least k different sub-secret key strings.
Step 420, the terminal rebuilds the target secret key from the at least k sub-secret key strings.
Optionally, the terminal reconstructs the target secret key from the at least k sub-secret key strings by the Lagrange interpolation algorithm.
Illustratively, corresponding to the process in step 401 of dividing the target secret key into n sub-secret key strings by the Lagrange interpolation algorithm according to the threshold value k, the process by which the terminal rebuilds the target secret key from at least k sub-secret key strings by the Lagrange interpolation algorithm is as follows:
Assume the k sub-secret key strings are $\{x_1, x_2, \ldots, x_k\}$, forming the k sub-secret key points $(ID_1, x_1), (ID_2, x_2), \ldots, (ID_k, x_k)$. Using the Lagrange interpolation algorithm:
where 1 < t < k, substituting the sub-secret key points for the variables (x, y) yields $A = f(0) = a_0$.
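The splitting of step 401 and the reconstruction of step 420 together form Shamir's threshold secret sharing. The following is an added example, not code from the patent: it assumes arithmetic modulo a prime P (the page names no field) and IDs 1..n, uses the sample key 111000111000 with n = 4 and k = 2 from the page's Fig. 6 embodiment, and all function names are hypothetical.

```python
import secrets
from itertools import combinations

# Assumption: shares live in the prime field GF(P); the page does not name a field.
P = 2**127 - 1  # a Mersenne prime, far larger than the sample key


def split(secret, k, n, ids=None):
    """Return {ID_i: x_i} with x_i = f(ID_i) and f(0) = a_0 = secret."""
    ids = list(ids) if ids is not None else list(range(1, n + 1))
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must fit in the field")
    if len(ids) != n or len({i % P for i in ids}) != n or any(i % P == 0 for i in ids):
        raise ValueError("IDs must be n distinct non-zero field elements")
    # a_0 is the secret; a_1 .. a_{k-1} must come from a CSPRNG
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for a in reversed(coeffs):  # Horner evaluation of a_0 + a_1 x + ... mod P
            acc = (acc * x + a) % P
        return acc

    return {i: f(i) for i in ids}


def reconstruct(points, k):
    """Lagrange-interpolate f(0) from at least k distinct (ID_i, x_i) points."""
    if len(points) < k:
        raise ValueError("fewer than k sub-key strings: the key is undetermined")
    chosen = list(points.items())[:k]
    secret = 0
    for xj, yj in chosen:
        num, den = 1, 1
        for xm, _ in chosen:
            if xm != xj:
                num = num * (-xm) % P        # numerator of L_j(0)
                den = den * (xj - xm) % P    # denominator of L_j(0)
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret


def slope_for_guess(share_id, share_value, guess):
    """k = 2 only: the a_1 that makes `guess` the key given one captured share.
    Such an a_1 exists for every guess, so one share alone rules nothing out."""
    return (share_value - guess) * pow(share_id, -1, P) % P


def demo():
    """Split the Fig. 6 sample key 4 ways with k = 2; rebuild from every pair."""
    key_bits = "111000111000"
    shares = split(int(key_bits, 2), k=2, n=4)
    return {
        format(reconstruct(dict(pair), 2), "012b")
        for pair in combinations(shares.items(), 2)
    }


if __name__ == "__main__":
    print(demo())
```

Each of the six possible pairs of sub-key strings yields the same 12-bit key, while a single captured sub-key string is consistent with every candidate key.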
It is worth noting that steps 410 to 413 can be performed after step 409, or at any moment before step 414, for example before step 409; the embodiment of the application does not limit this.
In conclusion by the way that secret key is segmented, more sub- secret key strings are obtained, and more sub- secret key strings are stored respectively
In multiple memory nodes, since the memory node for storing sub- secret key string is more, and stored between different memory nodes
Sub- secret key string is mutually unknown, when malicious persons attack memory node by Hacker Program, in this case it is not apparent which storage section
Sub- secret key string is stored with point, also all sub- secret key strings can not be obtained by breaking through a memory node, so degree of safety is higher;
Due to the correspondence of IP address that memory node and memory node are only stored with key escrow server, and simultaneously
The correspondence of memory node of the sub- secret key string with storing the sub- secret key string is not stored, therefore hacker can not be by breaking through key escrow
Server obtains storing the memory node of sub- secret key string;
Since before terminal sends acquisition request to key escrow server, terminal is carried out with key escrow server
Two-way certificate verification, it is ensured that the identity for the terminal for obtaining request is sent to key escrow server, and sub- secret key string is sent
To the identity of the key escrow server of terminal, secret key hacker is reduced to the successful risk of key escrow server attack.
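The retrieval exchange of steps 414 to 418, as an added sketch that is not code from the patent. Assumptions: the tokenID is an HMAC-SHA256 over a fresh nonce and the sub-key string's first identifier under a key pre-shared between the escrow server and each storage node (the page does not say how the tokenID is formed); class names, identifiers, placeholder share values and the 192.0.2.x addresses are constructed.

```python
import hashlib
import hmac
import secrets


def make_token(key, nonce, share_id):
    # Assumption: tokenID = HMAC-SHA256(pre-shared key, nonce || first identifier)
    return hmac.new(key, nonce + share_id.encode(), hashlib.sha256).digest()


class StorageNode:
    def __init__(self, token_key):
        self._token_key = token_key
        self._shares = {}    # first identifier -> sub-secret key string
        self._seen = set()   # nonces already used, so a captured request cannot be replayed

    def store(self, share_id, share):
        self._shares[share_id] = share

    def fetch(self, share_id, nonce, token_id):
        expected = make_token(self._token_key, nonce, share_id)
        if nonce in self._seen or not hmac.compare_digest(expected, token_id):
            raise PermissionError("request was not sent by the escrow server")
        self._seen.add(nonce)
        return self._shares[share_id], token_id  # the tokenID is returned with the share


class EscrowServer:
    def __init__(self):
        self._node_ip = {}   # second identifier -> IP address: the only mapping kept
        self._network = {}   # IP address -> (node, token key); stands in for the wire

    def register(self, node_id, ip, node, token_key):
        self._node_ip[node_id] = ip
        self._network[ip] = (node, token_key)

    def retrieve(self, share_id, node_id):
        ip = self._node_ip[node_id]                          # step 416
        node, key = self._network[ip]
        nonce = secrets.token_bytes(16)
        token = make_token(key, nonce, share_id)
        share, echoed = node.fetch(share_id, nonce, token)   # step 417
        if not hmac.compare_digest(echoed, token):
            raise PermissionError("reply did not come from the expected storage node")
        return share   # step 418; the (share_id, node_id) pair is never recorded

    def persisted_state(self):
        """What an intruder on the escrow server would find at rest."""
        return dict(self._node_ip)


def build_demo():
    # Terminal-side correspondence, using the node choices of the Fig. 6 embodiment.
    placement = {"sub-1": "Node2", "sub-2": "Node5", "sub-3": "Node3", "sub-4": "Node1"}
    escrow, nodes = EscrowServer(), {}
    for n in range(1, 7):
        key = secrets.token_bytes(32)
        nodes[f"Node{n}"] = StorageNode(key)
        escrow.register(f"Node{n}", f"192.0.2.{n}", nodes[f"Node{n}"], key)
    for share_id, node_id in placement.items():
        # Stored directly here for brevity; on the page storage also goes via the escrow server.
        nodes[node_id].store(share_id, f"<value of {share_id}>".encode())
    return placement, escrow, nodes


if __name__ == "__main__":
    placement, escrow, _ = build_demo()
    for sid in ("sub-1", "sub-2"):   # threshold k = 2
        print(sid, escrow.retrieve(sid, placement[sid]))
    print(escrow.persisted_state())
```

After any number of retrievals the escrow server's stored state still maps only node identifiers to addresses, which is the property the summary above relies on.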
In an optional embodiment, what is stored in a storage node is the encrypted ciphertext of a sub-secret key string; at least k encrypted ciphertexts are decrypted to obtain at least k sub-secret key strings, and the target secret key is rebuilt from the at least k sub-secret key strings.
Fig. 5 is a flowchart of the secret key retrieval method provided by another exemplary embodiment of the application. As shown in Fig. 5, the secret key retrieval method includes:
Step 501, the terminal obtains the threshold value k.
The threshold value k determines the minimum number of sub-secret key strings needed to rebuild the target secret key; a sub-secret key string is a substring obtained after the terminal segments the target secret key. Illustratively, the terminal includes a secret key segmentation interface, through which the terminal has divided the target secret key into n segments, i.e. n sub-secret key strings, with k determined as the threshold value; the target secret key can then be rebuilt from at least k sub-secret key strings, where 2≤k≤n.
Step 502, the terminal sends at least k acquisition requests to the key escrow server according to the threshold value k.
An acquisition request is used to obtain a sub-secret key string of the target secret key. Optionally, the i-th acquisition request is used to request the i-th sub-secret key string of the target secret key. The key escrow server is connected to m storage nodes, which are used to store the sub-secret key strings of the target secret key; the target secret key is divided into n sub-secret key strings stored respectively in n storage nodes, 0≤i≤k, 2≤k≤n≤m.
Optionally, there are m storage nodes in total and the target secret key is divided into n sub-secret key strings, n≤m. One storage node can store only one sub-secret key string of the target secret key. The storage node on which each sub-secret key string is stored can be chosen by the user, or can be selected at random. When the user chooses, a storage node that has already been selected cannot be selected a second time.
Step 503, the key escrow server receives the at least k acquisition requests sent by the terminal.
Optionally, the terminal can send k acquisition requests to the key escrow server to obtain k sub-secret key strings, or can send more than k and at most n acquisition requests to the key escrow server to obtain more than k and at most n sub-secret key strings.
Step 504, the key escrow server obtains at least k encrypted ciphertexts from the n storage nodes according to the at least k acquisition requests.
Optionally, what is stored in the storage nodes is the encrypted ciphertext of the sub-secret key strings of the target secret key; the key escrow server stores the IP address of each storage node and, according to the acquisition requests, obtains the encrypted ciphertexts of the sub-secret key strings from the corresponding storage nodes.
Step 505, the key escrow server sends the at least k encrypted ciphertexts to the terminal.
The key escrow server sends the at least k encrypted ciphertexts it has received to the terminal so that the target secret key can be rebuilt.
Step 506, the terminal obtains the decryption secret key from the secret key server through a reserved mailbox or a client program.
Optionally, the secret key server stores the decryption secret key of the encrypted ciphertexts and sends the decryption secret key to the terminal through the reserved mailbox or client program; the decryption secret key can decrypt an encrypted ciphertext to obtain the sub-secret key string corresponding to that ciphertext.
Step 507, the terminal receives the at least k encrypted ciphertexts fed back by the key escrow server.
Step 508, the terminal decrypts the at least k encrypted ciphertexts with the decryption secret key to obtain at least k sub-secret key strings.
Optionally, the at least k encrypted ciphertexts can all correspond to the same decryption secret key or to multiple different decryption secret keys; that is, what the secret key server sends to the terminal can be a single decryption secret key, or the correspondence between the at least k encrypted ciphertexts and their decryption secret keys.
When the at least k encrypted ciphertexts correspond to one decryption secret key, they are decrypted with that decryption secret key to obtain at least k sub-secret key strings; when they correspond to multiple different decryption secret keys, they are decrypted using the correspondence between the at least k encrypted ciphertexts and the decryption secret keys to obtain at least k sub-secret key strings.
Step 509, the target secret key is rebuilt from the at least k sub-secret key strings.
Optionally, the terminal reconstructs the target secret key from the at least k sub-secret key strings by the Lagrange interpolation algorithm.
In conclusion by the way that secret key is segmented, more sub- secret key strings are obtained, and will more a sub- secret key strings by secret key
It is encrypted to obtain multiple encrypted cipher texts, multiple encrypted cipher texts is stored respectively in multiple memory nodes, decryption secret key is deposited
It is stored in secret key server, since the memory node for storage is more, when malicious persons attack storage section by Hacker Program
During point, in this case it is not apparent that encrypted cipher text is stored with which memory node, so degree of safety is higher;
Due to being encrypted to sub- secret key string, even if malicious persons attack memory node by Hacker Program,
And the encrypted cipher text of sub- secret key string is obtained, but since decryption secret key is stored in secret key server, the storage with encrypted cipher text
Position is different, so can not also directly acquire sub- secret key string and rebuild target secret key according to sub- secret key string.
In a specific embodiment, the description takes as an example an encrypted .rar file named "go on a tour" and a total of 6 storage nodes. Fig. 6 is a flowchart of secret key segmented storage shown in an exemplary embodiment of the application. As shown in Fig. 6:
At the data encryption interface 61, the file "go on a tour" (.rar) is encrypted, giving the target secret key "111000111000", and the target secret key is chosen to be divided into 4 sub-secret key strings; because there are 6 storage nodes in total, the prompt box shows that the total number of segments must not exceed 6;
The user sets the threshold value to 2, i.e. the target secret key can be rebuilt once at least 2 sub-secret key strings are obtained;
The user clicks the select-node virtual button and enters the node selection interface 62 to choose the storage node of the 1st sub-secret key string. After Node2 is selected as the storage node of the 1st sub-secret key string, the storage node of the 2nd sub-secret key string is chosen, and Node2, which stores the 1st sub-secret key string, cannot be chosen again. After Node5 is selected as the storage node of the 2nd sub-secret key string, the storage node of the 3rd sub-secret key string is chosen, and Node2, which stores the 1st sub-secret key string, and Node5, which stores the 2nd sub-secret key string, cannot be chosen again. After Node3 is selected as the storage node of the 3rd sub-secret key string, the storage node of the 4th sub-secret key string is chosen, and Node2, which stores the 1st sub-secret key string, Node5, which stores the 2nd sub-secret key string, and Node3, which stores the 3rd sub-secret key string, cannot be chosen again. After Node1 is selected as the storage node of the 4th sub-secret key string, the encryption success interface 63 is displayed.
Corresponding to the secret key segmented storage flow of Fig. 6, Fig. 7 is a flowchart of secret key segmented acquisition shown in an exemplary embodiment of the application, taking the storage flow of the target secret key to be the flow shown in Fig. 6. As shown in Fig. 7:
The "forgot password" virtual key is selected at the data decryption interface 71, and the sub-secret key string acquisition interface 72 is entered to obtain sub-secret key strings. Because the threshold value k was set to 2, the secret key can be rebuilt after 2 sub-secret key strings are obtained. The storage nodes of the 1st sub-secret key string and the 2nd sub-secret key string are filled in and acquisition is confirmed, and the secret key reconstruction interface 73 shows the target secret key "111000111000".
It is worth noting that the above embodiment takes the obtained sub-secret key strings to be the 1st and 2nd sub-secret key strings as an example; in practice the obtained sub-secret key strings can also be the 1st and 3rd, the 1st and 4th, the 2nd and 3rd, the 2nd and 4th, or the 3rd and 4th sub-secret key strings, and the application does not limit this. The above embodiment also takes obtaining two sub-secret key strings as an example; in practice three or four sub-secret key strings can also be obtained, i.e. when there are n sub-secret key strings in total and the threshold value is k, any number of sub-secret key strings not less than k and not more than n can be obtained.
Fig. 8 is a block diagram of the secret key retrieval device shown in an exemplary embodiment of the application. As shown in Fig. 8, the secret key retrieval device includes a first acquisition module 81, a first sending module 82 and a reconstruction module 83;
The first acquisition module 81 is used to obtain the threshold value k;
The first sending module 82 is used to send at least k acquisition requests to the key escrow server according to the threshold value k, where the i-th acquisition request is used to request the i-th sub-secret key string of the target secret key, the key escrow server is connected to m storage nodes, and the target secret key is divided into n sub-secret key strings stored respectively in n storage nodes, 0≤i≤k, 2≤k≤n≤m;
The first acquisition module 81 is also used to obtain at least k sub-secret key strings fed back by the key escrow server;
The reconstruction module 83 is used to reconstruct the target secret key from the at least k sub-secret key strings.
In an optional embodiment, the first sending module 82 includes:
A first acquisition unit, used to obtain the pre-stored correspondence, which comprises the correspondence between the first identifier of the sub-secret key string and the second identifier of the storage node;
A query unit, used to determine the first identifier of the i-th sub-secret key string to be obtained, and to look up the second identifier of the i-th storage node in the correspondence according to the first identifier of the i-th sub-secret key string;
A first sending unit, used to send the i-th acquisition request to the key escrow server, the i-th acquisition request carrying the first identifier of the i-th sub-secret key string and the second identifier of the i-th storage node.
In an optional embodiment, the reconstruction module 83 is also used to reconstruct the target secret key from the at least k sub-secret key strings by the Lagrange interpolation algorithm.
In an optional embodiment, the acquisition module 81 includes:
A second acquisition unit, used to obtain the decryption secret key from the secret key server through a reserved mailbox or a client program;
A receiving unit, used to receive at least k encrypted ciphertexts fed back by the key escrow server;
A decryption unit, used to decrypt the at least k encrypted ciphertexts with the decryption secret key to obtain the at least k sub-secret key strings.
In an optional embodiment, the first sending module 82 is also used to send the first certification certificate to the key escrow server;
The first acquisition module 81 is also used to obtain the second certification certificate sent by the key escrow server, the second certification certificate being the certificate sent after the key escrow server authenticates the first certification certificate;
The device further includes:
An authentication module, used to authenticate the second certification certificate.
In an optional embodiment, the device further includes:
A segmentation module, used to divide the target secret key into n sub-secret key strings according to the threshold value k, any at least k of the n sub-secret key strings being usable to rebuild the target secret key;
The first sending module 82 is also used to send n storage requests to the key escrow server, the i-th storage request asking for the i-th sub-secret key string of the target secret key to be stored in the i-th storage node;
The first acquisition module 81 is also used to obtain the storage result fed back by the key escrow server.
In an optional embodiment, the segmentation module is also used to divide the target secret key into n sub-secret key strings by the Lagrange interpolation algorithm.
Fig. 9 is a block diagram of the secret key retrieval device shown in another exemplary embodiment of the application. The secret key retrieval device is connected to m storage nodes. As shown in Fig. 9, the secret key retrieval device includes a receiving module 91, a second acquisition module 92 and a second sending module 93;
The receiving module 91 is used to receive at least k acquisition requests sent by the terminal, where the i-th acquisition request is used to request the i-th sub-secret key string of the target secret key, and the target secret key is divided into n sub-secret key strings stored respectively in n storage nodes, 0≤i≤k, 2≤k≤n≤m;
The second acquisition module 92 is used to obtain at least k sub-secret key strings from the n storage nodes according to the at least k acquisition requests;
The second sending module 93 is used to send the at least k sub-secret key strings to the terminal.
In an optional embodiment, the receiving module 91 is also used to receive the i-th acquisition request sent by the terminal, the i-th acquisition request carrying the first identifier of the i-th sub-secret key string and the second identifier of the i-th storage node.
In an optional embodiment, the second acquisition module 92 is also used to operate according to the second identifier of the i-th storage node carried in the i-th acquisition request;
The second acquisition module 92 further includes:
A query unit, used to look up the IP address of the i-th storage node;
A positioning unit, used to locate the i-th storage node according to the IP address of the i-th storage node;
A third acquisition unit, used to obtain the i-th sub-secret key string from the i-th storage node according to the first identifier of the i-th sub-secret key string carried in the i-th acquisition request.
In an optional embodiment, the second acquisition module 92 is also used to obtain at least k encrypted ciphertexts from the n storage nodes;
The second sending module 93 is also used to send the at least k encrypted ciphertexts to the terminal.
In an optional embodiment, the receiving module 91 is also used to receive the first certification certificate sent by the terminal;
The device further includes:
An authentication module, used to authenticate the first certification certificate and generate the second certification certificate;
The second sending module is also used to send the second certification certificate to the terminal.
The block diagram of the structure for the terminal that Figure 10 is provided it illustrates the application one embodiment, the terminal can include radio frequency
(RF, Radio Frequency) circuit 1001, the memory for including one or more computer-readable recording mediums
1002nd, input unit 1003, display unit 1004, sensor 1005, voicefrequency circuit 1006, Wireless Fidelity (WiFi, Wireless
Fidelity) module 1007, include the portion such as one or the processor 1008 of more than one processing core and power supply 1009
Part.It will be understood by those skilled in the art that the restriction of the terminal structure shown in Figure 10 not structure paired terminal, can include than
More or fewer components are illustrated, either combine some components or different components arrangement.Wherein:
RF circuits 1001 can be used for receive and send messages or communication process in, the reception and transmission of signal, especially, by base station
After downlink information receives, transfer to one or more than one processor 1008 is handled;In addition, will be related to the data sending of uplink to
Base station.In general, RF circuits 1001 include but not limited to antenna, at least one amplifier, tuner, one or more oscillator,
Subscriber identity module (SIM, Subscriber Identity Module) card, transceiver, coupler, low-noise amplifier
(LNA, Low Noise Amplifier), duplexer etc..In addition, RF circuits 1001 can also by wireless communication and network and
Other equipment communicates.The wireless communication can use any communication standard or agreement, include but not limited to global system for mobile telecommunications
System (GSM, Global System of Mobile communication), general packet radio service (GPRS, General
Packet Radio Service), CDMA (CDMA, Code Division Multiple Access), wideband code division it is more
Location (WCDMA, Wideband Code Division Multiple Access), Long Term Evolution (LTE, Long Term
Evolution), Email, Short Message Service (SMS, Short Messaging Service) etc..
The memory 1002 may be used to store software programs and modules; the processor 1008 runs the software programs and modules stored in the memory 1002 to perform various functional applications and data processing. The memory 1002 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function (such as a sound playback function or an image playback function), and the like; the data storage area may store data created through use of the terminal (such as audio data or a phone book), and the like. In addition, the memory 1002 may include high-speed random access memory, and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Correspondingly, the memory 1002 may also include a memory controller to provide the processor 1008 and the input unit 1003 with access to the memory 1002.
The input unit 1003 may be used to receive input numeric or character information, and to generate keyboard, mouse, joystick, optical, or trackball signal input related to user settings and function control. Specifically, in one specific embodiment, the input unit 1003 may include a touch-sensitive surface and other input devices. The touch-sensitive surface, also called a touch display screen or touchpad, collects touch operations by the user on or near it (such as operations performed by the user on or near the touch-sensitive surface with a finger, a stylus, or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. Optionally, the touch-sensitive surface may include two parts, a touch detection device and a touch controller. The touch detection device detects the user's touch position, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 1008, and can receive and execute commands sent by the processor 1008. In addition, the touch-sensitive surface may be implemented in multiple types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch-sensitive surface, the input unit 1003 may also include other input devices. Specifically, the other input devices may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, a joystick, and the like.
The display unit 1004 may be used to display information input by the user or information provided to the user, as well as the various graphical user interfaces of the terminal; these graphical user interfaces may be composed of graphics, text, icons, video, and any combination thereof. The display unit 1004 may include a display panel, which may optionally be configured in the form of a liquid crystal display (LCD, Liquid Crystal Display), an organic light-emitting diode (OLED, Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface may cover the display panel; when the touch-sensitive surface detects a touch operation on or near it, it passes the operation to the processor 1008 to determine the type of touch event, and the processor 1008 then provides the corresponding visual output on the display panel according to the type of touch event. Although in Fig. 10 the touch-sensitive surface and the display panel are two independent components that implement the input and output functions, in some embodiments the touch-sensitive surface and the display panel may be integrated to implement the input and output functions.
The terminal may also include at least one sensor 1005, such as an optical sensor, a motion sensor, and other sensors. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor may adjust the brightness of the display panel according to the brightness of the ambient light, and the proximity sensor may turn off the display panel and/or the backlight when the terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used in applications that recognize the phone's posture (such as landscape/portrait switching, related games, and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that may also be configured for the terminal, such as a gyroscope, barometer, hygrometer, thermometer, and infrared sensor, are not described here.
The audio circuit 1006, a loudspeaker, and a microphone may provide an audio interface between the user and the terminal. The audio circuit 1006 may transmit the electrical signal converted from received audio data to the loudspeaker, which converts it into a sound signal for output; in the other direction, the microphone converts a collected sound signal into an electrical signal, which the audio circuit 1006 receives and converts into audio data. After the audio data is output to the processor 1008 for processing, it is sent through the RF circuit 1001 to, for example, another terminal, or the audio data is output to the memory 1002 for further processing. The audio circuit 1006 may also include an earphone jack to provide communication between a peripheral earphone and the terminal.
WiFi is a short-range wireless transmission technology. Through the WiFi module 1007, the terminal can help the user send and receive e-mail, browse web pages, access streaming media, and so on; it provides the user with wireless broadband Internet access. Although Figure 10 shows the WiFi module 1007, it is understood that the module is not an essential part of the terminal and may be omitted as needed without changing the essence of the invention.
The processor 1008 is the control center of the terminal. It uses various interfaces and lines to connect all parts of the entire mobile phone, and performs the terminal's various functions and processes data by running or executing the software programs and/or modules stored in the memory 1002 and calling the data stored in the memory 1002, thereby monitoring the mobile phone as a whole. Optionally, the processor 1008 may include one or more processing cores; preferably, the processor 1008 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs, and the like, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 1008.
The terminal further includes a power supply 1009 (such as a battery) that supplies power to all components. Preferably, the power supply may be logically connected to the processor 1008 through a power management system, so that functions such as charging management, discharging management, and power consumption management are implemented through the power management system. The power supply 1009 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the terminal may also include a camera, a Bluetooth module, and the like, which are not described here. Specifically, in this embodiment, the processor 1008 in the terminal may run one or more program instructions stored in the memory 1002 to implement the key retrieval method provided in each of the above method embodiments.
Figure 11 shows a structural block diagram of a key escrow server provided by one embodiment of the application. The key escrow server may include a radio frequency (RF, Radio Frequency) circuit 1101, a memory 1102 including one or more computer-readable storage media, an input unit 1103, a display unit 1104, a sensor 1105, an audio circuit 1106, a wireless fidelity (WiFi, Wireless Fidelity) module 1107, a processor 1108 including one or more processing cores, a power supply 1109, and other components. Those skilled in the art will understand that the key escrow server structure shown in Figure 11 does not constitute a limitation on the key escrow server, which may include more or fewer components than illustrated, combine some components, or use a different arrangement of components. Wherein:
The RF circuit 1101 may be used to receive and send signals while sending and receiving information or during a call. In particular, after receiving downlink information from a base station, it hands the information to the one or more processors 1108 for processing; in addition, it sends uplink data to the base station. Generally, the RF circuit 1101 includes but is not limited to an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM, Subscriber Identity Module) card, a transceiver, a coupler, a low-noise amplifier (LNA, Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuit 1101 may communicate with networks and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile Communications (GSM, Global System of Mobile communication), General Packet Radio Service (GPRS, General Packet Radio Service), Code Division Multiple Access (CDMA, Code Division Multiple Access), Wideband Code Division Multiple Access (WCDMA, Wideband Code Division Multiple Access), Long Term Evolution (LTE, Long Term Evolution), e-mail, Short Message Service (SMS, Short Messaging Service), and the like.
The memory 1102 may be used to store software programs and modules; the processor 1108 runs the software programs and modules stored in the memory 1102 to perform various functional applications and data processing. The memory 1102 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function (such as a sound playback function or an image playback function), and the like; the data storage area may store data created through use of the key escrow server (such as audio data or a phone book), and the like. In addition, the memory 1102 may include high-speed random access memory, and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Correspondingly, the memory 1102 may also include a memory controller to provide the processor 1108 and the input unit 1103 with access to the memory 1102.
The input unit 1103 may be used to receive input numeric or character information, and to generate keyboard, mouse, joystick, optical, or trackball signal input related to user settings and function control. Specifically, in one specific embodiment, the input unit 1103 may include a touch-sensitive surface and other input devices. The touch-sensitive surface, also called a touch display screen or touchpad, collects touch operations by the user on or near it (such as operations performed by the user on or near the touch-sensitive surface with a finger, a stylus, or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. Optionally, the touch-sensitive surface may include two parts, a touch detection device and a touch controller. The touch detection device detects the user's touch position, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 1108, and can receive and execute commands sent by the processor 1108. In addition, the touch-sensitive surface may be implemented in multiple types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch-sensitive surface, the input unit 1103 may also include other input devices. Specifically, the other input devices may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, a joystick, and the like.
The display unit 1104 may be used to display information input by the user or information provided to the user, as well as the various graphical user interfaces of the key escrow server; these graphical user interfaces may be composed of graphics, text, icons, video, and any combination thereof. The display unit 1104 may include a display panel, which may optionally be configured in the form of a liquid crystal display (LCD, Liquid Crystal Display), an organic light-emitting diode (OLED, Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface may cover the display panel; when the touch-sensitive surface detects a touch operation on or near it, it passes the operation to the processor 1108 to determine the type of touch event, and the processor 1108 then provides the corresponding visual output on the display panel according to the type of touch event. Although in Fig. 11 the touch-sensitive surface and the display panel are two independent components that implement the input and output functions, in some embodiments the touch-sensitive surface and the display panel may be integrated to implement the input and output functions.
The key escrow server may also include at least one sensor 1105, such as an optical sensor, a motion sensor, and other sensors. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor may adjust the brightness of the display panel according to the brightness of the ambient light, and the proximity sensor may turn off the display panel and/or the backlight when the key escrow server is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used in applications that recognize the phone's posture (such as landscape/portrait switching, related games, and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that may also be configured for the key escrow server, such as a gyroscope, barometer, hygrometer, thermometer, and infrared sensor, are not described here.
The audio circuit 1106, a loudspeaker, and a microphone may provide an audio interface between the user and the key escrow server. The audio circuit 1106 may transmit the electrical signal converted from received audio data to the loudspeaker, which converts it into a sound signal for output; in the other direction, the microphone converts a collected sound signal into an electrical signal, which the audio circuit 1106 receives and converts into audio data. After the audio data is output to the processor 1108 for processing, it is sent through the RF circuit 1101 to, for example, another key escrow server, or the audio data is output to the memory 1102 for further processing. The audio circuit 1106 may also include an earphone jack to provide communication between a peripheral earphone and the key escrow server.
WiFi is a short-range wireless transmission technology. Through the WiFi module 1107, the key escrow server can help the user send and receive e-mail, browse web pages, access streaming media, and so on; it provides the user with wireless broadband Internet access. Although Figure 11 shows the WiFi module 1107, it is understood that the module is not an essential part of the key escrow server and may be omitted as needed without changing the essence of the invention.
The processor 1108 is the control center of the key escrow server. It uses various interfaces and lines to connect all parts of the entire mobile phone, and performs the key escrow server's various functions and processes data by running or executing the software programs and/or modules stored in the memory 1102 and calling the data stored in the memory 1102, thereby monitoring the mobile phone as a whole. Optionally, the processor 1108 may include one or more processing cores; preferably, the processor 1108 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs, and the like, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 1108.
The key escrow server further includes a power supply 1109 (such as a battery) that supplies power to all components. Preferably, the power supply may be logically connected to the processor 1108 through a power management system, so that functions such as charging management, discharging management, and power consumption management are implemented through the power management system. The power supply 1109 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the key escrow server may also include a camera, a Bluetooth module, and the like, which are not described here. Specifically, in this embodiment, the processor 1108 in the key escrow server may run one or more program instructions stored in the memory 1102 to implement the key retrieval method provided in each of the above method embodiments.
Those of ordinary skill in the art will understand that all or part of the steps in the various methods of the above embodiments may be completed by a program instructing relevant hardware. The program may be stored in a computer-readable storage medium, which may be the computer-readable storage medium included in the memory in the above embodiments, or may exist separately without being assembled into the terminal. The computer-readable storage medium stores at least one instruction, at least one program segment, a code set, or an instruction set, which is loaded and executed by the processor to implement the key retrieval method described in any of Fig. 1 to Fig. 7. Optionally, the computer-readable storage medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a solid state drive (SSD, Solid State Drives), an optical disc, or the like. The random access memory may include resistive random access memory (ReRAM, Resistance Random Access Memory) and dynamic random access memory (DRAM, Dynamic Random Access Memory). The sequence numbers of the above embodiments of the application are for description only and do not indicate the merits of the embodiments.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing describes only preferred embodiments of the application and is not intended to limit the application. Any modification, equivalent replacement, or improvement made within the spirit and principles of the application shall fall within the protection scope of the application.
Claims (15)
- 1. A key retrieval method, characterized in that the method comprises: obtaining a threshold k; sending, according to the threshold k, at least k acquisition requests to a key escrow server, where the i-th acquisition request is used to request the i-th sub-key string of a target key, the key escrow server is connected to m storage nodes, and the target key is divided into n sub-key strings that are stored respectively in n of the storage nodes, 0≤i≤k, 2≤k≤n≤m; obtaining at least k sub-key strings fed back by the key escrow server; and reconstructing the target key from the at least k sub-key strings.
- 2. The method according to claim 1, characterized in that sending at least k acquisition requests to the key escrow server according to the threshold k comprises: obtaining a pre-stored correspondence, the correspondence including the correspondence between first identifiers of the sub-key strings and second identifiers of the storage nodes; determining the first identifier of the i-th sub-key string to be obtained, and looking up the second identifier of the i-th storage node in the correspondence according to the first identifier of the i-th sub-key string; and sending the i-th acquisition request to the key escrow server, the i-th acquisition request carrying the first identifier of the i-th sub-key string and the second identifier of the i-th storage node.
- 3. The method according to claim 1, characterized in that reconstructing the target key from the at least k sub-key strings comprises: reconstructing the target key from the at least k sub-key strings by a Lagrange interpolation algorithm.
- 4. The method according to any one of claims 1 to 3, characterized in that obtaining the at least k sub-key strings fed back by the key escrow server comprises: obtaining a decryption key from a key server through a reserved mailbox or a client program; receiving at least k encrypted ciphertexts fed back by the key escrow server; and decrypting the at least k encrypted ciphertexts with the decryption key to obtain the at least k sub-key strings.
- 5. The method according to any one of claims 1 to 3, characterized in that, before sending at least k acquisition requests to the key escrow server according to the threshold k, the method further comprises: sending a first authentication certificate to the key escrow server; obtaining a second authentication certificate sent by the key escrow server, the second authentication certificate being a certificate that the key escrow server sends after successfully authenticating the first authentication certificate; and authenticating the second authentication certificate.
- 6. The method according to any one of claims 1 to 3, characterized in that, before obtaining the threshold k, the method further comprises: dividing the target key into n sub-key strings according to the threshold k, where any at least k of the n sub-key strings can be used to reconstruct the target key; sending n storage requests to the key escrow server, where the i-th storage request is used to request that the i-th sub-key string of the target key be stored on the i-th storage node; and obtaining a storage result fed back by the key escrow server.
- 7. The method according to claim 6, characterized in that dividing the target key into n sub-key strings comprises: dividing the target key into n sub-key strings by a Lagrange interpolation algorithm.
- 8. A key retrieval method, characterized in that it is applied in a key escrow server connected to m storage nodes, the method comprising: receiving at least k acquisition requests sent by a terminal, where the i-th acquisition request is used to request the i-th sub-key string of a target key, and the target key is divided into n sub-key strings that are stored respectively in n of the storage nodes, 0≤i≤k, 2≤k≤n≤m; obtaining at least k sub-key strings from the n storage nodes according to the at least k acquisition requests; and sending the at least k sub-key strings to the terminal.
- 9. The method according to claim 8, characterized in that receiving the at least k acquisition requests sent by the terminal comprises: receiving the i-th acquisition request sent by the terminal, the i-th acquisition request carrying the first identifier of the i-th sub-key string and the second identifier of the i-th storage node.
- 10. A key retrieval device, characterized in that the device comprises: a first acquisition module, configured to obtain a threshold k; a first sending module, configured to send, according to the threshold k, at least k acquisition requests to a key escrow server, where the i-th acquisition request is used to request the i-th sub-key string of a target key, the key escrow server is connected to m storage nodes, and the target key is divided into n sub-key strings that are stored respectively in n of the storage nodes, 0≤i≤k, 2≤k≤n≤m; the first acquisition module being further configured to obtain at least k sub-key strings fed back by the key escrow server; and a reconstruction module, configured to reconstruct the target key from the at least k sub-key strings.
- 11. A key retrieval device, characterized in that the key retrieval device is connected to m storage nodes, the device comprising: a receiving module, configured to receive at least k acquisition requests sent by a terminal, where the i-th acquisition request is used to request the i-th sub-key string of a target key, and the target key is divided into n sub-key strings that are stored respectively in n of the storage nodes, 0≤i≤k, 2≤k≤n≤m; a second acquisition module, configured to obtain at least k sub-key strings from the n storage nodes according to the at least k acquisition requests; and a second sending module, configured to send the at least k sub-key strings to the terminal.
- 12. A terminal, characterized in that the terminal includes a processor and a memory, the memory storing at least one instruction, at least one program segment, a code set, or an instruction set, which is loaded and executed by the processor to implement the key retrieval method according to any one of claims 1 to 7.
- 13. A key escrow server, characterized in that the key escrow server includes a processor and a memory, the memory storing at least one instruction, at least one program segment, a code set, or an instruction set, which is loaded and executed by the processor to implement the key retrieval method according to claim 8 or 9.
- 14. A computer-readable storage medium, characterized in that the storage medium stores at least one instruction, at least one program segment, a code set, or an instruction set, which is loaded and executed by the processor to implement the key retrieval method according to any one of claims 1 to 7.
- 15. A computer-readable storage medium, characterized in that the storage medium stores at least one instruction, at least one program segment, a code set, or an instruction set, which is loaded and executed by the processor to implement the key retrieval method according to claim 8 or 9.
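The (k, n) threshold split and the Lagrange-interpolation reconstruction named in claims 3, 6 and 7, together with retrieval from storage nodes as in claims 1 and 2, shown as an added example that is not the patent's own code. The prime field, the function names and the `share-N` / `node-N` identifier formats are assumptions made for illustration; the patent specifies none of them.

```python
import secrets

# Assumption: the patent names no field. 2**521 - 1 is a Mersenne prime,
# so any key of up to 65 bytes is a valid field element.
PRIME = 2**521 - 1


def split_key(key: bytes, k: int, n: int):
    """Split `key` into n sub-key shares (x, y); any k of them rebuild it."""
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key does not fit in the field")
    # Random polynomial f of degree k-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would hand out the key itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def lagrange_at_zero(points):
    """Evaluate at x = 0 the polynomial that interpolates `points`."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * xm % PRIME
                den = den * (xm - xj) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total


def reconstruct_key(shares, k: int, key_len: int) -> bytes:
    """Rebuild the key from at least k distinct shares, otherwise raise."""
    points = {}
    for x, y in shares:
        if points.setdefault(x, y) != y:
            raise ValueError(f"conflicting values for share index {x}")
    if len(points) < k:
        raise ValueError(f"only {len(points)} distinct shares, need {k}")
    chosen = list(points.items())[:k]
    return lagrange_at_zero(chosen).to_bytes(key_len, "big")


def store_shares(shares, node_ids):
    """Place n shares on n of the m nodes; return (correspondence, nodes)."""
    if len(node_ids) < len(shares):
        raise ValueError("need n <= m")
    placement = {}                          # first identifier -> second identifier
    nodes = {nid: {} for nid in node_ids}   # simulated storage nodes
    for (x, y), nid in zip(shares, node_ids):
        share_id = f"share-{x}"             # hypothetical identifier format
        placement[share_id] = nid
        nodes[nid][share_id] = (x, y)
    return placement, nodes


def retrieve_key(nodes, placement, k, key_len, offline=()):
    """Fetch shares from reachable nodes until k are in hand, then rebuild."""
    got = []
    for share_id, nid in placement.items():
        if nid in offline:
            continue                        # node unreachable, try the next one
        got.append(nodes[nid][share_id])
        if len(got) == k:
            break
    return reconstruct_key(got, k, key_len)


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed sample key
    shares = split_key(key, k=3, n=5)
    placement, nodes = store_shares(shares, [f"node-{i}" for i in range(7)])
    print(retrieve_key(nodes, placement, 3, 32, offline={"node-0", "node-3"}) == key)
```

Plain interpolation cannot tell a corrupted or substituted share from a valid one, so a deployment would authenticate each share (for example with a MAC or signature) before reconstruction.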
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711026657.5A CN107979461B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal, key escrow server and readable medium |
CN202010455600.2A CN111600710B (en) | 2017-10-27 | 2017-10-27 | Key storage method, device, terminal, server and readable medium |
CN202010455890.0A CN111585760B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal and readable medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711026657.5A CN107979461B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal, key escrow server and readable medium |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010455890.0A Division CN111585760B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal and readable medium |
CN202010455600.2A Division CN111600710B (en) | 2017-10-27 | 2017-10-27 | Key storage method, device, terminal, server and readable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107979461A (en) | 2018-05-01 |
CN107979461B (en) | 2020-07-17 |
Family
ID=62012744
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010455890.0A Active CN111585760B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal and readable medium |
CN202010455600.2A Active CN111600710B (en) | 2017-10-27 | 2017-10-27 | Key storage method, device, terminal, server and readable medium |
CN201711026657.5A Active CN107979461B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal, key escrow server and readable medium |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010455890.0A Active CN111585760B (en) | 2017-10-27 | 2017-10-27 | Key retrieving method, device, terminal and readable medium |
CN202010455600.2A Active CN111600710B (en) | 2017-10-27 | 2017-10-27 | Key storage method, device, terminal, server and readable medium |
Country Status (1)
Country | Link |
---|---|
CN (3) | CN111585760B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737105A (en) * | 2018-05-07 | 2018-11-02 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Method for retrieving, device, private key equipment and the medium of private key |
CN109302400A (en) * | 2018-10-17 | 2019-02-01 | 成都安恒信息技术有限公司 | A kind of cryptographic asset deriving method for O&M auditing system |
CN109787762A (en) * | 2019-02-28 | 2019-05-21 | 矩阵元技术(深圳)有限公司 | Key management method, the electronic equipment of each self-generating key components of server |
CN109981591A (en) * | 2019-02-28 | 2019-07-05 | 矩阵元技术(深圳)有限公司 | Single client generates key management method, the electronic equipment of private key |
CN110430042A (en) * | 2019-06-28 | 2019-11-08 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method storing code key in isomery redundant system |
CN110830242A (en) * | 2019-10-16 | 2020-02-21 | 聚好看科技股份有限公司 | Key generation and management method and server |
WO2020168544A1 (en) * | 2019-02-22 | 2020-08-27 | 云图有限公司 | Data processing method and device |
CN111861741A (en) * | 2020-06-23 | 2020-10-30 | 广东贝莱蔻生物科技有限公司 | Supply chain creditor transfer and tracing method and system based on block chain |
CN116170142A (en) * | 2023-04-20 | 2023-05-26 | 北京信安世纪科技股份有限公司 | Distributed collaborative decryption method, device and storage medium |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112235104B (en) * | 2020-10-23 | 2022-12-23 | 苏州浪潮智能科技有限公司 | Data encryption transmission method, system, terminal and storage medium |
CN112600833A (en) * | 2020-12-09 | 2021-04-02 | 上海文广科技(集团)有限公司 | Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre |
CN113190833B (en) * | 2021-06-01 | 2022-11-18 | 浙江大华技术股份有限公司 | Authority processing method and device, storage medium and electronic device |
CN115102708B (en) * | 2022-05-05 | 2024-04-09 | 阿里巴巴(中国)有限公司 | Data processing method and device |
CN117811735A (en) * | 2024-03-01 | 2024-04-02 | 云筑信息科技(成都)有限公司 | Key escrow method and device based on social relationship graph |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1805337A (en) * | 2005-01-14 | 2006-07-19 | 中兴通讯股份有限公司 | Secret shared key mechanism based user management method |
CN101064599A (en) * | 2006-04-26 | 2007-10-31 | 华为技术有限公司 | Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit |
CN101621375A (en) * | 2009-07-28 | 2010-01-06 | 成都市华为赛门铁克科技有限公司 | Method, device and system for managing key |
CN102857339A (en) * | 2012-09-12 | 2013-01-02 | 无锡科技职业学院 | Secret distribution sharing and recovery recombining method based on sequences |
CN102957534A (en) * | 2011-08-19 | 2013-03-06 | 国民技术股份有限公司 | Method and system for uniform identification of multiple terminals |
EP2680486A1 (en) * | 2012-06-29 | 2014-01-01 | Orange | Key management |
CN104503708A (en) * | 2014-12-29 | 2015-04-08 | 成都致云科技有限公司 | Data hash storage method and device |
CN104917609A (en) * | 2015-05-19 | 2015-09-16 | 华中科技大学 | Efficient and safe data deduplication method and efficient and safe data deduplication system based on user perception |
CN105897409A (en) * | 2014-05-13 | 2016-08-24 | 无锡科技职业学院 | Secret key management method based on crypto chip |
US20170026173A1 (en) * | 2015-07-20 | 2017-01-26 | Sony Corporation Of America | Distributed object routing |
CN106686008A (en) * | 2017-03-03 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Information storage method and information storage device |
CN106911469A (en) * | 2015-12-23 | 2017-06-30 | 北京奇虎科技有限公司 | Key read method and device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3656688B2 (en) * | 1997-03-31 | 2005-06-08 | 栄司 岡本 | Cryptographic data recovery method and key registration system |
US6182214B1 (en) * | 1999-01-08 | 2001-01-30 | Bay Networks, Inc. | Exchanging a secret over an unreliable network |
CN102523086B (en) * | 2011-12-07 | 2014-12-24 | 上海交通大学 | Key recovery method in privacy protection cloud storage system |
US9413735B1 (en) * | 2015-01-20 | 2016-08-09 | Ca, Inc. | Managing distribution and retrieval of security key fragments among proxy storage devices |
CN105871538B (en) * | 2015-01-22 | 2019-04-12 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, quantum key delivering method and device |
CN106548345B (en) * | 2016-12-07 | 2020-08-21 | 北京信任度科技有限公司 | Method and system for realizing block chain private key protection based on key partitioning |
2017
- 2017-10-27 CN CN202010455890.0A patent/CN111585760B/en active Active
- 2017-10-27 CN CN202010455600.2A patent/CN111600710B/en active Active
- 2017-10-27 CN CN201711026657.5A patent/CN107979461B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1805337A (en) * | 2005-01-14 | 2006-07-19 | 中兴通讯股份有限公司 | Secret shared key mechanism based user management method |
CN101064599A (en) * | 2006-04-26 | 2007-10-31 | 华为技术有限公司 | Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit |
CN101621375A (en) * | 2009-07-28 | 2010-01-06 | 成都市华为赛门铁克科技有限公司 | Method, device and system for managing key |
CN102957534A (en) * | 2011-08-19 | 2013-03-06 | 国民技术股份有限公司 | Method and system for uniform identification of multiple terminals |
EP2680486A1 (en) * | 2012-06-29 | 2014-01-01 | Orange | Key management |
CN102857339A (en) * | 2012-09-12 | 2013-01-02 | 无锡科技职业学院 | Secret distribution sharing and recovery recombining method based on sequences |
CN105897409A (en) * | 2014-05-13 | 2016-08-24 | 无锡科技职业学院 | Secret key management method based on crypto chip |
CN104503708A (en) * | 2014-12-29 | 2015-04-08 | 成都致云科技有限公司 | Data hash storage method and device |
CN104917609A (en) * | 2015-05-19 | 2015-09-16 | 华中科技大学 | Efficient and safe data deduplication method and efficient and safe data deduplication system based on user perception |
US20170026173A1 (en) * | 2015-07-20 | 2017-01-26 | Sony Corporation Of America | Distributed object routing |
CN106911469A (en) * | 2015-12-23 | 2017-06-30 | 北京奇虎科技有限公司 | Key read method and device |
CN106686008A (en) * | 2017-03-03 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Information storage method and information storage device |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737105A (en) * | 2018-05-07 | 2018-11-02 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Method for retrieving, device, private key equipment and the medium of private key |
CN109302400A (en) * | 2018-10-17 | 2019-02-01 | 成都安恒信息技术有限公司 | A kind of cryptographic asset deriving method for O&M auditing system |
WO2020168544A1 (en) * | 2019-02-22 | 2020-08-27 | 云图有限公司 | Data processing method and device |
CN109787762A (en) * | 2019-02-28 | 2019-05-21 | 矩阵元技术(深圳)有限公司 | Key management method, the electronic equipment of each self-generating key components of server |
CN109981591A (en) * | 2019-02-28 | 2019-07-05 | 矩阵元技术(深圳)有限公司 | Single client generates key management method, the electronic equipment of private key |
CN109787762B (en) * | 2019-02-28 | 2021-09-21 | 矩阵元技术(深圳)有限公司 | Key management method for server to generate key components respectively and electronic equipment |
CN109981591B (en) * | 2019-02-28 | 2021-09-21 | 矩阵元技术(深圳)有限公司 | Key management method for generating private key by single client and electronic equipment |
CN110430042A (en) * | 2019-06-28 | 2019-11-08 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method storing code key in isomery redundant system |
CN110830242A (en) * | 2019-10-16 | 2020-02-21 | 聚好看科技股份有限公司 | Key generation and management method and server |
CN111861741A (en) * | 2020-06-23 | 2020-10-30 | 广东贝莱蔻生物科技有限公司 | Supply chain creditor transfer and tracing method and system based on block chain |
CN116170142A (en) * | 2023-04-20 | 2023-05-26 | 北京信安世纪科技股份有限公司 | Distributed collaborative decryption method, device and storage medium |
CN116170142B (en) * | 2023-04-20 | 2023-07-18 | 北京信安世纪科技股份有限公司 | Distributed collaborative decryption method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107979461B (en) | 2020-07-17 |
CN111600710A (en) | 2020-08-28 |
CN111585760A (en) | 2020-08-25 |
CN111585760B (en) | 2023-04-18 |
CN111600710B (en) | 2023-01-13 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN107979461A (en) | Secret key method for retrieving, device, terminal, key escrow server and computer-readable recording medium | |
CN106686008B (en) | Information storage means and device | |
CN104821937B (en) | Token acquisition methods, apparatus and system | |
CN106789089B (en) | The method, apparatus and system and server of management certificate | |
CN104836664B (en) | A kind of methods, devices and systems executing business processing | |
CN107070909A (en) | Method for sending information, message receiving method, apparatus and system | |
CN103716793B (en) | Access-in point information sharing method and device | |
CN103701926B (en) | A kind of methods, devices and systems for obtaining fault reason information | |
CN113395159B (en) | Data processing method based on trusted execution environment and related device | |
CN104468464B (en) | verification method, device and system | |
CN104580167B (en) | A kind of methods, devices and systems transmitting data | |
CN104376353B (en) | The generation of Quick Response Code, read method, terminal and server | |
CN103634294B (en) | Information verifying method and device | |
CN108809906B (en) | Data processing method, system and device | |
CN109600223A (en) | Verification method, Activiation method, device, equipment and storage medium | |
CN104580177B (en) | Resource provider method, device and system | |
CN106850220A (en) | Data ciphering method, data decryption method and device | |
CN106845177A (en) | Cipher management method and system | |
CN105491067A (en) | Key-based business security verification method and device | |
CN104967601A (en) | Data processing method and apparatus | |
CN107154935A (en) | service request method and device | |
US20210250171A1 (en) | Data processing method and device | |
CN111475832B (en) | Data management method and related device | |
CN104954126A (en) | Sensitive operation verification method, device and system | |
CN109257336A (en) | It is a kind of based on the encrypted message processing method of block chain, terminal device |
Legal Events
Code | Title | Description | Date |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||