CN108737105A - Method for retrieving, device, private key equipment and the medium of private key - Google Patents
Method for retrieving, device, private key equipment and the medium of private key Download PDFInfo
- Publication number
- CN108737105A CN108737105A CN201810427694.5A CN201810427694A CN108737105A CN 108737105 A CN108737105 A CN 108737105A CN 201810427694 A CN201810427694 A CN 201810427694A CN 108737105 A CN108737105 A CN 108737105A
- Authority
- CN
- China
- Prior art keywords
- private key
- terminal
- stored
- sub
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a kind of method for retrieving of private key, device, private key equipment and media.This method includes:First terminal gives private key request for change to second terminal transmission;According to threshold signature scheme and give private key request for change, second terminal, which is pre-stored sub- private key and is pre-stored sub- private key with third terminal, signs, and obtains final signed data;Pass through the intelligent final signed data of contract certification on block chain;After certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to first terminal.The scheme provided according to embodiments of the present invention, by being pre-stored M slice, thin piece private keys at key storage center in advance so that after sub- private key loss, sub- private key can be given for change from being pre-stored in M slice, thin piece private keys in key storage center, be traded by the sub- private key given for change.The phenomenon that appearance can not merchandise since complete private key is lost not only is avoided in this way, but also can improve the flexibility of private key.
Description
Technical field
The present invention relates to computer realm more particularly to a kind of method for retrieving of private key, device, private key equipment and media.
Background technology
With the rise of digital cash, numerous digital cash wallets are emerged, how to ensure the safety of digital cash wallet
Just become a major issue.One transaction is weighed really or the certification of message integrity, needs key (private key and public key) to it
Signature is carried out with sign test to ensure.
Since current private key is all complete, if private key is lost, user is difficult to be traded, so improving private key in number
Safety in word currency wallet becomes urgent problem to be solved.
Invention content
The embodiment of the present invention provide private key method for retrieving, device, private key equipment and medium, can private key loss after,
It is retrieved in time, improves the safety and flexibility of private key.
According to a first aspect of the embodiments of the present invention, a kind of method for retrieving of private key is provided, the method for retrieving includes:
First terminal gives private key request for change to second terminal transmission;
It is asked according to threshold signature scheme and the private key of giving for change, second terminal is pre-stored sub- private key and prestores with third terminal
It stores up sub- private key to sign, obtains final signed data;
Pass through final signed data described in the intelligent contract certification on block chain;
After certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to the first terminal.
According to a second aspect of the embodiments of the present invention, a kind of device for retrieving of private key is provided, the device for retrieving includes:
First terminal, second terminal, third terminal, certification terminal and key storage center;
The first terminal, for giving private key request for change to second terminal transmission;
Second terminal is pre-stored by the second terminal for being asked according to threshold signature scheme and the private key of giving for change
Sub- private key is pre-stored sub- private key with third terminal and signs, and obtains final signed data;
The third terminal, for giving the final signed data hair to the certification terminal,
The certification terminal, for passing through final signed data described in the intelligent contract certification on block chain;
Sub- private key granting is appointed in the key storage center for after certification passes through, being selected from pre-stored M slice, thin pieces private key
To the first terminal.
According to a third aspect of the embodiments of the present invention, a kind of private key equipment is provided, the private key equipment includes:Processor with
And it is stored with the memory of computer program instructions;
The processor realizes the method for retrieving of the private key described in first aspect when executing the computer program instructions.
According to a fourth aspect of the embodiments of the present invention, a kind of computer readable storage medium, which is characterized in that the calculating
Computer program instructions are stored on machine readable storage medium storing program for executing, the computer program instructions realize first when being executed by processor
The method for retrieving of private key described in aspect.
Method, apparatus, private key equipment and medium according to embodiments of the present invention are made by prestoring M slice, thin piece private keys
It obtains after sub- private key loss, sub- private key can be given for change from pre-stored M slice, thin pieces private key, be traded by the sub- private key given for change.
The phenomenon that appearance can not merchandise since complete private key is lost not only is avoided in this way, but also can improve the flexibility of private key.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will make below to required in the embodiment of the present invention
Attached drawing is briefly described, for those of ordinary skill in the art, without creative efforts, also
It can be obtain other attached drawings according to these attached drawings.
Fig. 1 is the flow chart of the method for retrieving for the private key for showing the embodiment of the present invention;
Fig. 2 is the detail flowchart of the method for retrieving for the private key for showing another embodiment of the present invention;
Fig. 3 is the schematic diagram for the distribution for showing client private key of the embodiment of the present invention;
Fig. 4 is the schematic diagram for the System Back-end private key distribution for showing business bank of the embodiment of the present invention;
Fig. 5 is the flow chart for the verification process for showing the embodiment of the present invention;
Fig. 6 is the flow chart of the method for retrieving for the private key for showing another embodiment of the present invention;
Fig. 7 is the structural schematic diagram for the device for retrieving for showing private key provided in an embodiment of the present invention;
Fig. 8 is to show to realize the exemplary hard of the computing device of method for retrieving and device according to the ... of the embodiment of the present invention
The structure chart of part framework.
Specific implementation mode
The feature and exemplary embodiment of various aspects of the invention is described more fully below, in order to make the mesh of the present invention
, technical solution and advantage be more clearly understood, with reference to the accompanying drawings and embodiments, the present invention is further retouched in detail
It states.It should be understood that specific embodiment described herein is only configured to explain the present invention, it is not configured as limiting the present invention.
To those skilled in the art, the present invention can be real in the case of some details in not needing these details
It applies.Below to the description of embodiment just for the sake of by showing that the example of the present invention is better understood from the present invention to provide.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also include other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence " including ... ", it is not excluded that including
There is also other identical elements in the process, method, article or equipment of the element.
(2,3) thresholding private key refers to by private key fragment into 3 sub- private keys of fragment, second terminal in embodiments of the present invention
(business bank), third terminal (Central Bank) obtain 1 sub- private key of fragment, 3 fragments respectively with first terminal (client)
Arbitrary 2 in sub- private key are signed together, you can it is 2 to complete signature namely thresholding.But (2,3) thresholding private key exists centainly
Defect, for example the sub- private key of first terminal fragment loses or forgets, it is private that fragment can only be reacquired by way of resetting
Key, and participating parties is distributed again, the efficiency for reducing abnormal flow processing increases complexity.Therefore, in order to
The defect present invention is overcome to implement following technical solution.
In order to better understand the present invention, below in conjunction with attached drawing, private key according to the ... of the embodiment of the present invention is described in detail
Method for retrieving, device and medium, it should be noted that these embodiments are not for limiting the scope of the present disclosure.
Fig. 1 is the flow chart of the method for retrieving for the private key for showing the embodiment of the present invention.
As shown in Figure 1, the method for retrieving 100 of the private key in the embodiment of the present invention includes the following steps:
Step S110, first terminal give private key request for change to second terminal transmission.
In this step, the embodiment of the present invention is an embodiment participated in many ways, and first terminal or second terminal can
Think the System Back-end of client or business bank.Such as:When first terminal is client, then second terminal is business bank
System Back-end.
Step S120 according to threshold signature scheme and gives private key request for change, and it is whole with third that second terminal is pre-stored sub- private key
End is pre-stored sub- private key and signs, and obtains final signed data.
In this step, second terminal, which is pre-stored sub- private key and is pre-stored sub- private key with third terminal, signs, such as:Visitor
Family end is repeatedly signed with System Back-end, is specifically determined by the threshold signature scheme of sub- private key, and threshold signature scheme is
Refer to the group of n member composition, any no less than t member cooperates that signature can be generated in group, any to cooperate all less than t member
It can not forge a signature.
It also should be noted that second terminal is pre-stored sub- private key and prestores with third terminal in embodiments of the present invention
Sub- private key is stored up repeatedly to be signed, when number of signing is 4 times, i.e., signature process needs 4 data transmissions, such as:For the first time
Client first generates a data A with the sub- private key signature of oneself.Second of System Back-end generates data B according to data A signatures.
Third time client, which needs to be signed again according to data B, generates data C.Fourth system rear end needs to be generated according to data C signatures
Data D becomes final signed data E.
It is signed in this step by repeatedly interaction, improves the accuracy of subsequent authentication.
Step S130 passes through the intelligent final signed data of contract certification on block chain.
In this step, block chain (Blockchain) is Distributed Storage, point-to-point transmission, common recognition mechanism, adds
The new application pattern of the computer technologies such as close algorithm.So-called common recognition mechanism is built between realizing different nodes in block catenary system
The vertical mathematical algorithm trusted, obtain equity.
And intelligent contract is for user perspective, intelligent contract is typically considered an automatic security account, for example, working as
When specific condition meets, the contract program in intelligent contract will discharge and shift fund automatically.
Technically, intelligent contract is considered as network server, and only these servers are not to use IP
Address is set up on the internet, but is erected on block chain.So as to run specific contract program in the above.
But unlike network server, owner is it can be seen that intelligent contract, because of these intelligent contracts
Code and state all on block chain (assuming that block chain is disclosed).Moreover, unlike network server, intelligent contract
Some specific hardware device is not depended on, in fact, the contract program of intelligent contract is executed by all equipment for participating in digging mine.
Intelligent contract is the assembler language being programmed on block chain.The execution of the intelligence contract is automatic or successfully
It executes or all state changes is all cancelled (including the information sent or received from the contract currently to fail).
Step S140, after certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to first terminal.
Method according to embodiments of the present invention, by being pre-stored M slice, thin piece private keys so that lost in the sub- private key of client
Afterwards, sub- private key can be given for change from being pre-stored in M slice, thin piece private keys in key storage center, is traded by the sub- private key given for change.
Not only avoid in this way appearance due to complete private key is lost and the phenomenon that can not merchandising, but also the flexibility of private key can be improved.Simultaneously
Be no longer limited to when private key is lost can only private key resetting restore, to simple flow and improve each participant efficiency.
Fig. 2 is the detail flowchart of the method for retrieving for the private key for showing another embodiment of the present invention.
As shown in Fig. 2, method for retrieving 200 includes:
Step 210, client gives private key request for change to System Back-end transmission.
Step 220, it is asked according to threshold signature scheme with private key is given for change, System Back-end and the Central Bank are repeatedly signed
Name.
Step 230, final signed data is sent to the intelligent contract on block chain by the Central Bank, carries out cochain.
Step 240, intelligent contract feedback provides sub- private key information and gives key storage center.
Step 250, sub- private key is selected to client granting in key storage center from pre-stored M slice, thin pieces private key.
In one embodiment, after certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to first terminal
Before, further include:
First terminal generates the first private key;
N slice, thin piece private keys are generated according to the first private key, and delete the first private key;
Arbitrary M slice, thin pieces private key is pre-stored in key storage center, M is the natural number more than or equal to 3, and N is big
In or equal to 6 natural number.
In one embodiment, second terminal be pre-stored sub- private key and third terminal to be pre-stored sub- private key be from first terminal
In the sub- private key arbitrarily selected in remaining N-M slice, thin pieces private key, and to be pre-stored sub- private key pre-stored with third terminal for second terminal
Sub- private key is different.
Here be to obtaining pre-stored M slice, thin pieces private key, second terminal is pre-stored sub- private key and the pre-stored son of third terminal is private
The process of key is described.
Fig. 3 is the schematic diagram for showing the distribution of client private key of the embodiment of the present invention.
When N is equal to 6, and M is equal to 3, the distribution method 300 of the private key of client includes the following steps in the present embodiment:
Step 310, client generates private key I.
Step 320, it is divided into 6 slice, thin piece private key Ii, i 1,2,3,4,5,6.
Step 330, private key I is deleted.
Step 340, a piece of I is preserved1。
Step 350, by I2, I3, I4Sub- private key is sent to key storage center.
In this step, I2, I3, I4Sub- private key is exactly the sub- private key being pre-stored in key storage center.
Step 360, when key storage center acknowledges receipt of I2, I3, I4After sub- private key, feedback acknowledgment information is to client.
Step 370, the I in client is deleted2, I3, I4Sub- private key.
Step 380, by I5Sub- private key is sent to the System Back-end of business bank.
In this step, I5Sub- private key is exactly that second terminal is pre-stored sub- private key.
Step 390, when the System Back-end of business bank acknowledges receipt of I5After sub- private key, feedback acknowledgment information is to client.
Step 3100, the I in client is deleted5Sub- private key.
Step 3110, by I6Sub- private key is sent to the Central Bank.
In this step, I6Sub- private key is exactly that third terminal is pre-stored sub- private key.
Step 3120, when the Central Bank acknowledges receipt of I5After sub- private key, feedback acknowledgment information is to client.
Step 3130, the I in client is deleted6Sub- private key.
Business bank's private key storage center of the embodiment of the present invention stores 3 sub- private keys of fragment, business bank's (System Back-end
Belong to or be hosted in business bank), the Central Bank, 3 side of client, each side respectively gets a slice, thin piece private key.Client and commercial silver
Row is responsible for the implementation of transaction, and business bank is responsible for the implementation of supervision with the Central Bank, and depositing for sub- private key is responsible at key storage center
Storage, ensures the safety of digital cash transaction in this way, while also taking into account the supervision demand for realizing the Central Bank, improves private key
Safety also achieves the flexibility of private key.
Fig. 4 is the schematic diagram for the System Back-end private key distribution for showing business bank of the embodiment of the present invention.
The System Back-end private key distribution of business bank in Fig. 4 is identical as the private key distribution of the client in Fig. 3, herein not
Do detailed parsing explanation.
Fig. 5 is the flow chart for the verification process for showing the embodiment of the present invention.
In one embodiment, as shown in figure 5, step S130 passes through the intelligent final number of signature of contract certification on block chain
According to, including:
S131 is based on final signed data, and corresponding intelligent contract is found on block chain.
S132 is obtained corresponding with the private key that first terminal generates according to preset number signature algorithm on intelligent contract
Public key.
In this step, public key can extremely accurate be found by preset number signature algorithm, improves the standard of lookup
True property.
Preset number signature algorithm is mainly used for the algorithm that public key carries out signature authentication with private key in embodiments of the present invention,
Digital Signature Algorithm (DSA-Digital Signature Algorithm, DSA), not merely only public key, private key, also count
Word is signed.Private key encryption generates digital signature, public key verifications private key data and digital signature, if private key data and digital signature
Mismatch then thinks authentication failed.Therefore, by Digital Signature Algorithm may insure sub- private key data in transmission process not by
Modification.
S133 passes through the final signed data of authentication public key.
The embodiment of the present invention is authenticated by the intelligent contract on block chain, this may insure the standard of user identity
Really, while subsequently accurately key storage center can notified to provide sub- private key to first terminal.
Fig. 6 is the flow chart of the method for retrieving for the private key for showing another embodiment of the present invention.Fig. 6 is identical as Fig. 1 or equivalent
The step of use identical label.As shown in fig. 6, method for retrieving 600 is substantially identical to method for retrieving 100, the difference is that,
Method for retrieving 600 further includes:
S610, after pre-stored M slice, thin pieces private key is sent, first terminal sends resetting private key request to second terminal.
S620, according to threshold signature scheme and resetting private key request, it is pre- with third terminal that second terminal is pre-stored sub- private key
It stores sub- private key to sign, obtains signed data to be certified.
S630 passes through the intelligent contract certification signed data to be certified on block chain.
S640 regenerates private key after certification passes through according to resetting private key information, first terminal.
Method through the embodiment of the present invention can reset private key, can be avoided the occurrence of in this way since sub- private key is lost
The phenomenon that losing and can not being traded.
Below in conjunction with the accompanying drawings, device according to the ... of the embodiment of the present invention is discussed in detail.
Fig. 7 is the structural schematic diagram for the device for retrieving for showing private key provided in an embodiment of the present invention.As shown in fig. 7, giving for change
Device 700 includes:
First terminal 710, second terminal 720, third terminal 730, certification terminal 740 and key storage center 721;
First terminal 710, for giving private key request for change to the transmission of second terminal 720;
Second terminal 720, for being asked according to threshold signature scheme with private key is given for change, by the pre-stored son of second terminal 720
Private key is pre-stored sub- private key with third terminal 730 and signs, and obtains final signed data;
Third terminal 730, for by final signed data hair to certification terminal 740,
Certification terminal 740, for passing through the intelligent final signed data of contract certification on block chain;
Key storage center 721, for after certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to
First terminal 710.
In one embodiment, first terminal 710 are additionally operable to generate the first private key;And for generating N according to the first private key
Slice, thin piece private key, and delete first private key;Arbitrary M slice, thin pieces private key is pre-stored in key storage center 721, M be more than or
Person is equal to 3 natural number, and N is the natural number more than or equal to 6.
In one embodiment, second terminal 720 be pre-stored sub- private key and third terminal 730 to be pre-stored sub- private key be from
The sub- private key arbitrarily selected in remaining N-M slice, thin pieces private key in one terminal 710, and second terminal 720 is pre-stored sub- private key and
It is different that three terminals 730 are pre-stored sub- private key.
In one embodiment, certification terminal 740 is specifically used for being based on final signed data, be found on block chain pair
The intelligent contract answered;
And for according to preset number signature algorithm, the private key generated with first terminal 710 to be obtained on intelligent contract
Corresponding public key;Pass through the final signed data of authentication public key.
In one embodiment, first terminal 710 are additionally operable to send resetting private key request to second terminal 720;
Second terminal 720 is additionally operable to according to threshold signature scheme and resetting private key request, the pre-stored son of second terminal 720
Private key is pre-stored sub- private key with third terminal 730 and signs, and obtains signed data to be certified;
Certification terminal 740, is additionally operable to treat authentication signature data and is authenticated, and resetting private key letter is sent after certification passes through
It ceases to first terminal 710;
First terminal 710 is additionally operable to according to resetting private key information, and first terminal 710 regenerates private key.
Device according to embodiments of the present invention is made by being pre-stored M slice, thin piece private keys at key storage center 721 in advance
It obtains after private key loss, sub- private key can be given for change from being pre-stored in M slice, thin piece private keys in key storage center 721, pass through what is given for change
Sub- private key is traded.Not only avoid in this way appearance due to complete private key is lost and the phenomenon that can not merchandising, but also private can be improved
The flexibility of key.Be no longer limited to simultaneously when private key is lost can only private key resetting restore, to simple flow and improve
Each participant efficiency.
The other details of device for retrieving according to the ... of the embodiment of the present invention with above in association with Fig. 1 to Fig. 7 describe according to this hair
The method of bright embodiment is similar, and details are not described herein.
It can be realized by computing device in conjunction with Fig. 1 to Fig. 7 method for retrieving and device according to the ... of the embodiment of the present invention described.
Fig. 8 is the exemplary hardware architecture for showing to realize the computing device of method for retrieving and device according to the ... of the embodiment of the present invention
Structure chart.
As shown in figure 8, computing device 800 includes input equipment 801, input interface 802, central processing unit 803, memory
804, output interface 805 and output equipment 806.Wherein, input interface 802, central processing unit 803, memory 804 and
Output interface 805 is connected with each other by bus 810, and input equipment 801 and output equipment 806 pass through 802 He of input interface respectively
Output interface 805 is connect with bus 810, and then is connect with the other assemblies of computing device 800.Specifically, input equipment 801 connects
It receives from external input information, and input information is transmitted to by central processing unit 803 by input interface 802;Central processing
Device 803 is handled input information based on the computer executable instructions stored in memory 804 to generate output information, will
Output information is temporarily or permanently stored in memory 804, is then transmitted to output information by output interface 805 defeated
Go out equipment 806;Output information is output to the outside of computing device 800 for users to use by output equipment 806.
That is, computing device shown in Fig. 8 can also be implemented as include:It is stored with computer executable instructions
Memory;And processor, the processor may be implemented when executing computer executable instructions that Fig. 1 to Fig. 7 to be combined to describe
Method for retrieving and device.
It should be clear that the invention is not limited in specific configuration described above and shown in figure and processing.
For brevity, it is omitted here the detailed description to known method.In the above-described embodiments, several tools have been described and illustrated
The step of body, is as example.But procedure of the invention is not limited to described and illustrated specific steps, this field
Technical staff can be variously modified, modification and addition after the spirit for understanding the present invention, or suitable between changing the step
Sequence.
Functional block shown in structures described above block diagram can be implemented as hardware, software, firmware or their group
It closes.When realizing in hardware, it may, for example, be electronic circuit, application-specific integrated circuit (ASIC), firmware appropriate, insert
Part, function card etc..When being realized with software mode, element of the invention is used to execute program or the generation of required task
Code section.Either code segment can be stored in machine readable media program or the data-signal by being carried in carrier wave is passing
Defeated medium or communication links are sent." machine readable media " may include any medium for capableing of storage or transmission information.
The example of machine readable media includes electronic circuit, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), soft
Disk, CD-ROM, CD, hard disk, fiber medium, radio frequency (RF) link, etc..Code segment can be via such as internet, inline
The computer network of net etc. is downloaded.
It should also be noted that, the exemplary embodiment referred in the present invention, is retouched based on a series of step or device
State certain methods or system.But the present invention is not limited to the sequence of above-mentioned steps, that is to say, that can be according in embodiment
The sequence referred to executes step, may also be distinct from that the sequence in embodiment or several steps are performed simultaneously.
The above description is merely a specific embodiment, it is apparent to those skilled in the art that,
For convenience of description and succinctly, the system, module of foregoing description and the specific work process of unit can refer to preceding method
Corresponding process in embodiment, details are not described herein.It should be understood that scope of protection of the present invention is not limited thereto, it is any to be familiar with
Those skilled in the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or substitutions,
These modifications or substitutions should be covered by the protection scope of the present invention.
Claims (12)
1. a kind of method for retrieving of private key, which is characterized in that the method for retrieving includes:
First terminal gives private key request for change to second terminal transmission;
It is asked according to threshold signature scheme and the private key of giving for change, second terminal is pre-stored sub- private key and the pre-stored son of third terminal
Private key is signed, and final signed data is obtained;
Pass through final signed data described in the intelligent contract certification on block chain;
After certification passes through, from pre-stored M slice, thin pieces private key selecting sub- private key is issued to the first terminal.
2. method for retrieving according to claim 1, which is characterized in that after certification passes through, from pre-stored M slice, thin pieces private key
It selects sub- private key to be issued to before the first terminal, further includes:
The first terminal generates the first private key;
N slice, thin piece private keys are generated according to first private key, and delete first private key;
Arbitrary M slice, thin pieces private key is pre-stored in key storage center, M is the natural number more than or equal to 3, and N be more than or
Person is equal to 6 natural number.
3. method for retrieving according to claim 2, which is characterized in that the second terminal is pre-stored sub- private key and described
It is the sub- private key arbitrarily selected from remaining N-M slice, thin pieces private key in the first terminal that three terminals, which are pre-stored sub- private key, and
The second terminal is pre-stored sub- private key, and from the third terminal to be pre-stored sub- private key different.
4. method for retrieving according to claim 1, which is characterized in that the intelligent contract certification institute by block chain
Final signed data is stated, including:
Based on the final signed data, corresponding intelligent contract is found on block chain;
According to preset number signature algorithm, public affairs corresponding with the private key that the first terminal generates are obtained on the intelligent contract
Key;
Pass through final signed data described in the authentication public key.
5. according to any method for retrieving of claim 1-4, which is characterized in that it is described after certification passes through, from pre-stored M
Sub- private key is selected in slice, thin piece private key to be issued to after the first terminal, further includes:
After the pre-stored M slice, thin pieces private key is sent, the first terminal sends resetting private key to the second terminal and asks
It asks;
It is asked according to threshold signature scheme and the resetting private key, the second terminal is pre-stored sub- private key and the third terminal
It is pre-stored sub- private key to sign, obtains signed data to be certified;
Pass through signed data to be certified described in the intelligent contract certification on block chain;
Private key is regenerated according to resetting private key information, the first terminal after certification passes through.
6. a kind of device for retrieving of private key, which is characterized in that the device for retrieving includes:
First terminal, second terminal, third terminal, certification terminal and key storage center;
The first terminal, for giving private key request for change to second terminal transmission;
The second terminal, it is for being asked according to threshold signature scheme and the private key of giving for change, the pre-stored son of second terminal is private
Key is pre-stored sub- private key with third terminal and signs, and obtains final signed data;
The third terminal, for giving the final signed data hair to the certification terminal,
The certification terminal, for passing through final signed data described in the intelligent contract certification on block chain;
The key storage center appoints sub- private key to be issued to institute for after certification passes through, being selected from pre-stored M slice, thin pieces private key
State first terminal.
7. device for retrieving according to claim 6, which is characterized in that the first terminal is additionally operable to generate the first private key;
And for generating N slice, thin piece private keys according to first private key, and delete first private key;
Arbitrary M slice, thin pieces private key is pre-stored in the key storage center, M is the natural number more than or equal to 3, and N is big
In or equal to 6 natural number.
8. device for retrieving according to claim 7, which is characterized in that the second terminal is pre-stored sub- private key and described
It is the sub- private key arbitrarily selected from remaining N-M slice, thin pieces private key in the first terminal that three terminals, which are pre-stored sub- private key, and
The second terminal is pre-stored sub- private key, and from the third terminal to be pre-stored sub- private key different.
9. device for retrieving according to claim 6, which is characterized in that the certification terminal,
Specifically for being based on the final signed data, corresponding intelligent contract is found on block chain;
And for according to preset number signature algorithm, the private key generated with the first terminal to be obtained on the intelligent contract
Corresponding public key;
Pass through final signed data described in the authentication public key.
10. according to any device for retrieving of claim 6-9, which is characterized in that
The first terminal is additionally operable to send resetting private key request to the second terminal;
The second terminal is additionally operable to ask according to threshold signature scheme and the resetting private key, and the second terminal is pre-stored
Sub- private key is pre-stored sub- private key with the third terminal and signs, and obtains signed data to be certified;
The certification terminal is additionally operable to be authenticated the signed data to be certified, and resetting private is sent after certification passes through
Key information gives the first terminal;
The first terminal is additionally operable to according to resetting private key information, and the first terminal regenerates private key.
11. a kind of private key equipment, which is characterized in that the private key equipment includes:It processor and is stored with computer program and refers to
The memory of order;
The processor realizes the side of giving for change of private key according to any one of claims 1 to 5 when executing the computer program instructions
Method.
12. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program instruction, the computer program instructions realize looking for for private key according to any one of claims 1 to 5 when being executed by processor
Back method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810427694.5A CN108737105B (en) | 2018-05-07 | 2018-05-07 | Method and device for retrieving private key, private key equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810427694.5A CN108737105B (en) | 2018-05-07 | 2018-05-07 | Method and device for retrieving private key, private key equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737105A true CN108737105A (en) | 2018-11-02 |
CN108737105B CN108737105B (en) | 2021-09-28 |
Family
ID=63937196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810427694.5A Active CN108737105B (en) | 2018-05-07 | 2018-05-07 | Method and device for retrieving private key, private key equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737105B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109639421A (en) * | 2019-01-09 | 2019-04-16 | 山东浪潮质量链科技有限公司 | A kind of method that private key is given for change and server |
CN109660346A (en) * | 2019-01-16 | 2019-04-19 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Information trustship method, apparatus, equipment and computer storage medium |
CN109784888A (en) * | 2019-01-28 | 2019-05-21 | 杭州复杂美科技有限公司 | Red packet processing method, equipment and storage medium |
CN111275419A (en) * | 2020-01-17 | 2020-06-12 | 上海佩俪信息科技有限公司 | Block chain wallet signature right confirming method, device and system |
CN111385098A (en) * | 2018-12-29 | 2020-07-07 | 华为技术有限公司 | Key generation method and device |
CN112272087A (en) * | 2020-10-26 | 2021-01-26 | 链盟智能科技(广州)有限公司 | Application method in block chain based on safe multi-party calculation |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938353A (en) * | 2010-08-03 | 2011-01-05 | 北京海泰方圆科技有限公司 | Method for remotely resetting personal identification number (PIN) of key device |
CN103580855A (en) * | 2013-11-07 | 2014-02-12 | 江南大学 | Usbkey management plan based on sharing technology |
CN104954390A (en) * | 2015-07-17 | 2015-09-30 | 青岛大学 | Cloud storage integrity detection method for recovering lost secret keys and system applying cloud storage integrity detection method |
WO2017011601A1 (en) * | 2015-07-14 | 2017-01-19 | Fmr Llc | Computationally efficient transfer processing, auditing, and search apparatuses, methods and systems |
CN106548345A (en) * | 2016-12-07 | 2017-03-29 | 北京信任度科技有限公司 | The method and system of block chain private key protection are realized based on Secret splitting |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
CN107171796A (en) * | 2017-06-27 | 2017-09-15 | 济南浪潮高新科技投资发展有限公司 | A kind of many KMC key recovery methods |
CN107273759A (en) * | 2017-05-08 | 2017-10-20 | 上海点融信息科技有限责任公司 | Method, equipment and computer-readable recording medium for protecting block chain data |
CN107979461A (en) * | 2017-10-27 | 2018-05-01 | 财付通支付科技有限公司 | Secret key method for retrieving, device, terminal, key escrow server and computer-readable recording medium |
-
2018
- 2018-05-07 CN CN201810427694.5A patent/CN108737105B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938353A (en) * | 2010-08-03 | 2011-01-05 | 北京海泰方圆科技有限公司 | Method for remotely resetting personal identification number (PIN) of key device |
CN103580855A (en) * | 2013-11-07 | 2014-02-12 | 江南大学 | Usbkey management plan based on sharing technology |
WO2017011601A1 (en) * | 2015-07-14 | 2017-01-19 | Fmr Llc | Computationally efficient transfer processing, auditing, and search apparatuses, methods and systems |
CN104954390A (en) * | 2015-07-17 | 2015-09-30 | 青岛大学 | Cloud storage integrity detection method for recovering lost secret keys and system applying cloud storage integrity detection method |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
CN106548345A (en) * | 2016-12-07 | 2017-03-29 | 北京信任度科技有限公司 | The method and system of block chain private key protection are realized based on Secret splitting |
CN107273759A (en) * | 2017-05-08 | 2017-10-20 | 上海点融信息科技有限责任公司 | Method, equipment and computer-readable recording medium for protecting block chain data |
CN107171796A (en) * | 2017-06-27 | 2017-09-15 | 济南浪潮高新科技投资发展有限公司 | A kind of many KMC key recovery methods |
CN107979461A (en) * | 2017-10-27 | 2018-05-01 | 财付通支付科技有限公司 | Secret key method for retrieving, device, terminal, key escrow server and computer-readable recording medium |
Non-Patent Citations (1)
Title |
---|
沈文婷等: "具有私钥可恢复能力的云存储完整性检测方案", 《软件学报》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111385098A (en) * | 2018-12-29 | 2020-07-07 | 华为技术有限公司 | Key generation method and device |
CN109639421A (en) * | 2019-01-09 | 2019-04-16 | 山东浪潮质量链科技有限公司 | A kind of method that private key is given for change and server |
CN109639421B (en) * | 2019-01-09 | 2021-09-21 | 山东浪潮质量链科技有限公司 | Method for retrieving private key and server |
CN109660346A (en) * | 2019-01-16 | 2019-04-19 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Information trustship method, apparatus, equipment and computer storage medium |
CN109784888A (en) * | 2019-01-28 | 2019-05-21 | 杭州复杂美科技有限公司 | Red packet processing method, equipment and storage medium |
CN111275419A (en) * | 2020-01-17 | 2020-06-12 | 上海佩俪信息科技有限公司 | Block chain wallet signature right confirming method, device and system |
CN111275419B (en) * | 2020-01-17 | 2023-04-11 | 上海简苏网络科技有限公司 | Block chain wallet signature right confirming method, device and system |
CN112272087A (en) * | 2020-10-26 | 2021-01-26 | 链盟智能科技(广州)有限公司 | Application method in block chain based on safe multi-party calculation |
CN112272087B (en) * | 2020-10-26 | 2023-04-18 | 链盟智能科技(广州)有限公司 | Application method in block chain based on safe multi-party calculation |
Also Published As
Publication number | Publication date |
---|---|
CN108737105B (en) | 2021-09-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108737105A (en) | Method for retrieving, device, private key equipment and the medium of private key | |
US11790370B2 (en) | Techniques for expediting processing of blockchain transactions | |
CN109146490B (en) | Block generation method, device and system | |
KR102050129B1 (en) | Block chain supporting multiple one-way functions used for verification of blocks | |
US11270030B2 (en) | System and method for consensus management | |
US20190147343A1 (en) | Unsupervised anomaly detection using generative adversarial networks | |
CN110414567B (en) | Data processing method and device and electronic equipment | |
CN112527912B (en) | Data processing method and device based on block chain network and computer equipment | |
GB2539430A (en) | Digital token exchange system | |
US20220086131A1 (en) | Multi-factor authentication for non-internet applications | |
CN113746638B (en) | NFT storage method, NFT restoration method, computer device, and storage medium | |
CN109379343A (en) | A kind of the isomery common recognition method and terminal of block chain | |
CN112799943A (en) | Automatic testing method and device for business system | |
CN113645278A (en) | Cross-chain message transmission method, device and storage medium of block chain | |
CN112766560B (en) | Alliance blockchain network optimization method, device, system and electronic equipment | |
CN113469811A (en) | Block chain transaction processing method and device | |
CN113255011A (en) | Block chain state mapping method, system, computer device and storage medium | |
CN112950180A (en) | Community certificate method and system based on alliance chain, electronic device and storage medium | |
CN111951112A (en) | Intelligent contract execution method based on block chain, terminal equipment and storage medium | |
CN110618989B (en) | Information processing method, information processing device and related products | |
CN112766455A (en) | Learning model training method and system | |
CN116051269A (en) | Mortgage financing service data processing method and device based on blockchain and zero knowledge proof | |
CN115375303A (en) | Calling method and device of intelligent contract, computer readable medium and electronic equipment | |
CN112950183A (en) | Cross-link data interchange method, system, device and electronic equipment | |
WO2021124341A1 (en) | Processing transactions in a distributed ledger network based on labels of the transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |