CN108737105B - Method and device for retrieving private key, private key equipment and medium - Google Patents

Publication number
CN108737105B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810427694.5A
Other languages
Chinese (zh)
Other versions
CN108737105A (en)
Inventor
孙丽
张一锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Original Assignee
Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Application filed by Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority to CN201810427694.5A
Publication of CN108737105A
Application granted
Publication of CN108737105B

Classifications

    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/4014 Identity check for transactions
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Abstract

The invention discloses a method and a device for retrieving a private key, a private key device and a medium. The method comprises the following steps: a first terminal sends a request for retrieving the private key to a second terminal; according to a threshold signature algorithm and the request for retrieving the private key, signing is performed with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal to obtain final signature data; the final signature data is authenticated through a smart contract on the blockchain; and after the authentication is passed, a sub-private key is selected from the M pre-stored sub-private keys and issued to the first terminal. In the scheme provided by the embodiment of the invention, M sub-private keys are stored in the key storage center in advance, so that after a sub-private key is lost, a sub-private key can be retrieved from the M sub-private keys pre-stored in the key storage center and transactions can be carried out with the retrieved sub-private key. This avoids the situation in which transactions cannot be carried out because the complete private key is lost, and improves the flexibility of the private key.

Description

Method and device for retrieving private key, private key equipment and medium
Technical Field
The present invention relates to the field of computers, and in particular, to a method and an apparatus for retrieving a private key, a private key device, and a medium.
Background
With the rise of digital currency, numerous digital currency wallets have emerged, and how to keep these wallets secure has become an important problem. Authenticating the authenticity of a transaction or the integrity of a message requires a key pair (private key and public key) to sign and verify the transaction.
Because existing private keys are all held as complete keys, a user who loses the private key can hardly transact, so improving the security of the private keys in digital currency wallets has become a problem to be solved urgently.
Disclosure of Invention
The embodiment of the invention provides a method and a device for retrieving a private key, private key equipment and a medium, which can be used for retrieving the private key in time after the private key is lost, thereby improving the safety and flexibility of the private key.
According to a first aspect of the embodiments of the present invention, there is provided a method for recovering a private key, the method comprising:
the first terminal sends a request for retrieving the private key to the second terminal;
according to a threshold signature algorithm and the request for retrieving the private key, signing with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal to obtain final signature data;
authenticating the final signature data by a smart contract on a blockchain;
and after the authentication is passed, selecting a sub-private key from the pre-stored M pieces of sub-private keys and issuing the sub-private key to the first terminal.
According to a second aspect of the embodiments of the present invention, there is provided a retrieving apparatus for a private key, the retrieving apparatus including:
the system comprises a first terminal, a second terminal, a third terminal, an authentication terminal and a key storage center;
the first terminal is used for sending a request for retrieving a private key to the second terminal;
the second terminal is used for signing with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal, according to a threshold signature algorithm and the request for retrieving the private key, to obtain final signature data;
the third terminal for transmitting the final signature data to the authentication terminal,
the authentication terminal is used for authenticating the final signature data through an intelligent contract on a block chain;
and the key storage center is used for selecting any sub-private key from the pre-stored M pieces of sub-private keys and issuing the sub-private keys to the first terminal after the authentication is passed.
According to a third aspect of embodiments of the present invention, there is provided a private key device including: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method of retrieving a private key of the first aspect.
According to a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is characterized in that the computer-readable storage medium stores thereon computer program instructions, and the computer program instructions, when executed by a processor, implement the method for recovering a private key according to the first aspect.
According to the method, the device, the private key equipment and the medium in the embodiment of the invention, the M pieces of sub private keys are stored in advance, so that the sub private keys can be retrieved from the M pieces of pre-stored sub private keys after the sub private keys are lost, and the transaction is carried out through the retrieved sub private keys. Therefore, the phenomenon that the transaction cannot be carried out due to the loss of the complete private key is avoided, and the flexibility of the private key can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a method of recovering a private key of an embodiment of the present invention;
FIG. 2 is a detailed flow chart illustrating a method for recovering a private key according to another embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating the distribution of a client private key according to an embodiment of the invention;
FIG. 4 is a schematic diagram showing system back-end private key distribution for commercial banks in an embodiment of the present invention;
FIG. 5 is a flow chart illustrating an authentication process of an embodiment of the present invention;
FIG. 6 is a flow chart illustrating a method of recovering a private key of another embodiment of the present invention;
fig. 7 is a schematic structural diagram illustrating a device for retrieving a private key according to an embodiment of the present invention;
FIG. 8 is a block diagram illustrating an exemplary hardware architecture of a computing device capable of implementing the recovery method and apparatus in accordance with embodiments of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below, and in order to make objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the embodiment of the present invention, a (2, 3) threshold private key refers to a private key that is split into 3 sub-private key shares; the second terminal (commercial bank), the third terminal (central bank) and the first terminal (client) each obtain 1 share, and a signature can be completed when any 2 of the 3 shares sign together, that is, the threshold is 2. However, the (2, 3) threshold private key has certain defects. For example, if the first terminal's share is lost or forgotten, a share can only be obtained again by resetting the key and distributing shares to the participating parties again, which reduces the efficiency of handling the abnormal flow and increases complexity. The present invention therefore implements the following technical solutions to overcome this drawback.
For a better understanding of the present invention, the method, apparatus and medium for retrieving a private key according to embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be noted that these embodiments are not intended to limit the scope of the present disclosure.
Fig. 1 is a flowchart illustrating a method for retrieving a private key according to an embodiment of the present invention.
As shown in fig. 1, a method 100 for retrieving a private key in the embodiment of the present invention includes the following steps:
step S110, the first terminal sends a request for retrieving the private key to the second terminal.
In this step, the embodiment of the present invention is one in which multiple parties participate, and the first terminal or the second terminal may be a client or the system back end of a commercial bank. For example, when the first terminal is the client, the second terminal is the system back end of the commercial bank.
And step S120, signing the pre-stored sub private key of the second terminal and the pre-stored sub private key of the third terminal according to the threshold signature algorithm and the request for retrieving the private key to obtain final signature data.
In this step, signing is performed with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal; for example, the client and the system back end carry out multiple rounds of signing, which are determined by the threshold signature algorithm of the sub-private keys. In a threshold signature algorithm, a group consists of n members; any t or more members of the group can generate a signature through cooperation, and the signature cannot be forged through cooperation of fewer than t members.
It should be further noted that, in the embodiment of the present invention, multiple rounds of signing are performed with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal. When the number of rounds is 4, the signature process needs 4 data transmissions. For example: in the first, the client signs with its own sub-private key to generate data A. In the second, the system back end generates data B by signing data A. In the third, the client generates data C from data B. In the fourth, the system back end generates data D from data C, which becomes the final signature data E.
In the step, the accuracy of subsequent authentication is improved through multiple times of interactive signatures.
Step S130, the final signature data is authenticated by the intelligent contract on the blockchain.
In this step, a Blockchain (Blockchain) is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, and an encryption algorithm. The consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights and interests among different nodes in the blockchain system.
From the user's perspective, a smart contract is generally regarded as an automatically secured account; for example, when certain conditions are met, the contract program in the smart contract automatically releases and transfers funds.
From a technical point of view, smart contracts can be regarded as network servers, except that these servers are not set up on the Internet with IP addresses but on the blockchain, so that a particular contract program can run on them.
Unlike a network server, however, smart contracts are visible to everyone, because their code and state are on the blockchain (assuming the blockchain is public). Also unlike a web server, smart contracts do not depend on a particular hardware device; in fact, the contract programs of smart contracts are executed by all devices participating in mining.
An intelligent contract is an assembly language programmed on a blockchain. The execution of the intelligent contract is automatic, either successfully executed, or all state changes are undone (including information that has been sent or received from the currently failed contract).
Step S140, after the authentication is passed, selecting the sub-private key from the pre-stored M pieces of sub-private keys and issuing the sub-private key to the first terminal.
According to the method provided by the embodiment of the invention, M sub-private keys are pre-stored, so that after the client's sub-private key is lost, a sub-private key can be retrieved from the M sub-private keys pre-stored in the key storage center, and transactions can be carried out with the retrieved sub-private key. This avoids the situation in which transactions cannot be carried out because the complete private key is lost, and improves the flexibility of the private key. At the same time, resetting the private key is no longer the only way to recover from a lost private key, which simplifies the process and improves the efficiency of each participant.
Fig. 2 is a detailed flowchart illustrating a method for recovering a private key according to another embodiment of the present invention.
As shown in fig. 2, the recovery method 200 includes:
step 210, the client sends a request for retrieving the private key to the system backend.
Step 220, the system back end and the central bank sign multiple times according to the threshold signature algorithm and the request for retrieving the private key.
Step 230, the central bank sends the final signature data to the smart contract on the blockchain to be put on the chain.
Step 240, the smart contract feeds back sub-private key issuance information to the key storage center.
And step 250, the key storage center selects a sub-private key from the pre-stored M sub-private keys and issues the sub-private key to the client.
In an embodiment, after the authentication is passed, before selecting a sub-private key from the pre-stored M-piece sub-private keys and issuing the sub-private key to the first terminal, the method further includes:
the first terminal generates a first private key;
generating N sub-private keys according to the first private key, and deleting the first private key;
and pre-storing any M of the sub-private keys in a key storage center, wherein M is a natural number greater than or equal to 3, and N is a natural number greater than or equal to 6.
In an embodiment, the second terminal pre-stored sub-private key and the third terminal pre-stored sub-private key are both sub-private keys arbitrarily selected from the remaining N-M pieces of sub-private keys in the first terminal, and the second terminal pre-stored sub-private key is different from the third terminal pre-stored sub-private key.
The following describes a process of obtaining the M-piece pre-stored sub-private keys, the second terminal pre-stored sub-private key, and the third terminal pre-stored sub-private key.
Fig. 3 is a schematic diagram illustrating client-side private key distribution according to an embodiment of the present invention.
When N is equal to 6 and M is equal to 3, the method 300 for allocating the private key of the client in this embodiment includes the following steps:
in step 310, the client generates a private key I.
Step 320, divide the private key I into 6 sub-private keys $I_i$, $i = 1, 2, 3, 4, 5, 6$.
Step 330, delete the private key I.
Step 340, save one sub-private key, $I_1$.
Step 350, send the sub-private keys $I_2$, $I_3$, $I_4$ to the key storage center.
In this step, the sub-private keys $I_2$, $I_3$, $I_4$ are the sub-private keys pre-stored in the key storage center.
Step 360, when the key storage center confirms receipt of the sub-private keys $I_2$, $I_3$, $I_4$, it feeds back confirmation information to the client.
Step 370, delete the sub-private keys $I_2$, $I_3$, $I_4$ in the client.
Step 380, send the sub-private key $I_5$ to the system back end of the commercial bank.
In this step, the sub-private key $I_5$ is the sub-private key pre-stored in the second terminal.
Step 390, when the system back end of the commercial bank confirms receipt of the sub-private key $I_5$, it feeds back confirmation information to the client.
Step 3100, delete the sub-private key $I_5$ in the client.
Step 3110, send the sub-private key $I_6$ to the central bank.
In this step, the sub-private key $I_6$ is the sub-private key pre-stored in the third terminal.
Step 3120, when the central bank confirms receipt of the sub-private key $I_5$, it feeds back confirmation information to the client.
Step 3130, delete the sub-private key $I_6$ in the client.
The private key storage center of the commercial bank stores 3 sub-private keys, and the 3 parties, namely the commercial bank (the system back end belongs to or is managed by the commercial bank), the central bank and the client, each hold one sub-private key. The client and the commercial bank are responsible for carrying out transactions, the commercial bank and the central bank are responsible for supervision, and the key storage center is responsible for storing the sub-private keys. This ensures the security of digital currency transactions, meets the supervision requirements of the central bank, improves the security of the private key, and also provides flexibility of the private key.
Fig. 4 is a schematic diagram showing system back-end private key distribution for commercial banks in an embodiment of the present invention.
The system back-end private key allocation of the commercial bank in fig. 4 is the same as the private key allocation of the client in fig. 3, and a detailed parsing description is not provided here.
Fig. 5 is a flowchart illustrating an authentication process of an embodiment of the present invention.
In one embodiment, as shown in fig. 5, step S130 authenticates the final signature data via the intelligent contract on the blockchain, including:
s131, based on the final signature data, the corresponding intelligent contract is found on the block chain.
And S132, obtaining a public key corresponding to the private key generated by the first terminal on the intelligent contract according to a preset digital signature algorithm.
In the step, the public key can be found very accurately by presetting the digital signature algorithm, so that the accuracy of finding is improved.
In the embodiment of the invention, the preset digital signature algorithm is mainly used for signature authentication with a public key and a private key. The Digital Signature Algorithm (DSA) involves not only a public key and a private key but also a digital signature. The private key is used to generate the digital signature, and the public key verifies the data and the digital signature; if they do not match, the verification is considered to have failed. The digital signature algorithm can therefore ensure that the sub-private key data is not modified during transmission.
S133, the final signature data is authenticated by the public key.
The embodiment of the invention can ensure the accuracy of the user identity by carrying out authentication on the intelligent contract on the block chain, and simultaneously can accurately inform the key storage center to issue the sub-private key to the first terminal in the follow-up process.
Fig. 6 is a flowchart illustrating a method for recovering a private key according to another embodiment of the present invention. Steps in fig. 6 that are the same or equivalent to those in fig. 1 are given the same reference numerals. As shown in fig. 6, the retrieving method 600 is substantially the same as the retrieving method 100, except that the retrieving method 600 further comprises:
S610, after all of the M pre-stored sub-private keys have been issued, the first terminal sends a private key resetting request to the second terminal.
And S620, signing the pre-stored sub private key of the second terminal and the pre-stored sub private key of the third terminal according to the threshold signature algorithm and the private key resetting request to obtain signature data to be authenticated.
And S630, authenticating the signature data to be authenticated through the intelligent contract on the block chain.
And S640, after the authentication is passed, the first terminal regenerates the private key according to the reset private key information.
By the method of the embodiment of the invention, the private key can be reset, so that the phenomenon that the transaction cannot be carried out due to the loss of the sub-private key can be avoided.
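The Fig. 3 distribution, the step S140 issuance and the S610 reset trigger, as an added example that is not part of the patent. It assumes Shamir secret sharing over a prime field with threshold t = 2 (the patent names no splitting scheme); the `Holder` class and all function names are hypothetical, and `reconstruct` only checks that shares agree, since the patent's terminals sign jointly rather than reassembling the key.

```python
import secrets

# Constructed parameters: the patent names no splitting scheme or field size.
PRIME = 2**127 - 1      # prime field for Shamir sharing (assumption)
T, N, M = 2, 6, 3       # t=2 assumed from the (2, 3) description; N=6, M=3 as in Fig. 3


def split(secret, t=T, n=N):
    """Shamir split: share i is (i, f(i)), f random of degree t-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, PRIME) for k, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0, used here only to check that shares agree."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


class Holder:
    """Hypothetical stand-in for a party that stores sub-private keys."""

    def __init__(self, name):
        self.name, self.shares = name, []

    def receive(self, batch):
        self.shares.extend(batch)
        return True     # confirmation information fed back to the client


def distribute(secret):
    """Steps 310-3130: split, keep I1, hand out the rest, delete after each confirmation."""
    client, vault, bank, central = (Holder(n) for n in (
        "client", "key_storage_center", "commercial_bank", "central_bank"))
    pending = split(secret)             # step 320; the caller discards `secret` (step 330)
    client.shares = [pending[0]]        # step 340: client keeps I1
    plan = ((vault, range(1, 1 + M)), (bank, [M + 1]), (central, [M + 2]))
    for holder, idxs in plan:
        if not holder.receive([pending[i] for i in idxs]):
            raise RuntimeError(f"{holder.name} did not confirm receipt")
        for i in idxs:
            pending[i] = None           # local copy removed only after confirmation
    return client, vault, bank, central


def recover(client, vault, authenticated):
    """Step S140: issue one stored share; False means none are left (S610 reset needed)."""
    if not authenticated:               # stands in for the smart-contract check of S130
        raise PermissionError("final signature data was not authenticated")
    if not vault.shares:
        return False
    client.shares = [vault.shares.pop()]
    return True


def holders_meeting_threshold(holders, t=T):
    """Names of parties that hold at least t shares on their own."""
    return [h.name for h in holders if len(h.shares) >= t]
```

Under the assumed t = 2, `holders_meeting_threshold` reports the key storage center, because it holds M = 3 shares by itself; the choice of t relative to M decides whether that custodian alone can meet the threshold.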
An apparatus according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 7 is a schematic structural diagram illustrating a device for recovering a private key according to an embodiment of the present invention. As shown in fig. 7, the retrieving apparatus 700 includes:
a first terminal 710, a second terminal 720, a third terminal 730, an authentication terminal 740 and a key storage center 721;
a first terminal 710 for sending a request to retrieve a private key to a second terminal 720;
a second terminal 720 for performing signing with the sub-private key pre-stored in the second terminal 720 and the sub-private key pre-stored in the third terminal 730 according to the threshold signature algorithm and the request for retrieving the private key, so as to obtain final signature data;
a third terminal 730 for transmitting the final signature data to the authentication terminal 740;
an authentication terminal 740 for authenticating the final signature data through the smart contract on the blockchain;
and a key storage center 721 for selecting a sub-private key from the pre-stored M sub-private keys and issuing the sub-private key to the first terminal 710 after the authentication is passed.
In an embodiment, the first terminal 710 is further configured to generate a first private key, to generate N sub-private keys according to the first private key, and to delete the first private key; any M of the sub-private keys are pre-stored in the key storage center 721, M being a natural number greater than or equal to 3, and N being a natural number greater than or equal to 6.
In an embodiment, the pre-stored sub-private key of the second terminal 720 and the pre-stored sub-private key of the third terminal 730 are both randomly selected sub-private keys from the N-M pieces of sub-private keys remaining in the first terminal 710, and the pre-stored sub-private key of the second terminal 720 is different from the pre-stored sub-private key of the third terminal 730.
In an embodiment, the authentication terminal 740 is specifically configured to find a corresponding smart contract on the blockchain based on the final signature data;
to obtain, on the smart contract, a public key corresponding to the private key generated by the first terminal 710 according to a preset digital signature algorithm; and to authenticate the final signature data through the public key.
In an embodiment, the first terminal 710 is further configured to send a request for resetting the private key to the second terminal 720;
the second terminal 720 is further configured to perform signing with the sub-private key pre-stored in the second terminal 720 and the sub-private key pre-stored in the third terminal 730 according to the threshold signature algorithm and the request for resetting the private key, so as to obtain signature data to be authenticated;
the authentication terminal 740 is further configured to authenticate the signature data to be authenticated, and to send the reset private key information to the first terminal 710 after the authentication is passed;
the first terminal 710 is further configured to regenerate the private key according to the reset private key information.
According to the device in the embodiment of the present invention, M sub-private keys are pre-stored in the key storage center 721, so that after the private key is lost, the sub-private keys can be retrieved from the M sub-private keys pre-stored in the key storage center 721 and a transaction can be performed by using the retrieved sub-private keys. This avoids the situation in which a transaction cannot be carried out because the complete private key is lost, and improves the flexibility of the private key. At the same time, recovery of a lost private key is not limited to resetting the private key, which simplifies the process and improves the efficiency of each participant.
Other details of the retrieving device according to the embodiment of the present invention are similar to the method according to the embodiment of the present invention described above with reference to fig. 1 to 7, and are not repeated herein.
The recovery method and apparatus according to the embodiments of the present invention described in conjunction with fig. 1 to 7 may be implemented by a computing device. FIG. 8 is a block diagram illustrating an exemplary hardware architecture of a computing device capable of implementing the recovery method and apparatus in accordance with embodiments of the present invention.
As shown in fig. 8, computing device 800 includes an input device 801, an input interface 802, a central processor 803, a memory 804, an output interface 805, and an output device 806. The input interface 802, the central processing unit 803, the memory 804, and the output interface 805 are connected to each other via a bus 810, and the input device 801 and the output device 806 are connected to the bus 810 via the input interface 802 and the output interface 805, respectively, and further connected to other components of the computing device 800. Specifically, the input device 801 receives input information from the outside, and transmits the input information to the central processor 803 through the input interface 802; the central processor 803 processes input information based on computer-executable instructions stored in the memory 804 to generate output information, temporarily or permanently stores the output information in the memory 804, and then transmits the output information to the output device 806 via the output interface 805; output device 806 outputs output information external to computing device 800 for use by a user.
That is, the computing device shown in fig. 8 may also be implemented to include: a memory storing computer-executable instructions; and a processor which, when executing computer executable instructions, may implement the recovery method and apparatus described in connection with fig. 1-7.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.

Claims (8)

1. A method for recovering a private key, the method comprising:
the first terminal sends a request for retrieving the private key to the second terminal;
according to a threshold signature algorithm and the request for retrieving the private key, signing is performed with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal to obtain final signature data;
authenticating the final signature data by a smart contract on a blockchain;
after the authentication is passed, selecting a sub-private key from the pre-stored M pieces of sub-private keys and issuing the sub-private key to the first terminal;
the authenticating the final signature data by the smart contract on the blockchain includes:
based on the final signature data, finding a corresponding smart contract on the blockchain;
obtaining, on the smart contract, a public key corresponding to the private key generated by the first terminal according to a preset digital signature algorithm;
authenticating the final signature data by the public key;
the second terminal pre-stored sub-private key and the third terminal pre-stored sub-private key are sub-private keys randomly selected from the remaining N-M pieces of sub-private keys in the first terminal, and the second terminal pre-stored sub-private key is different from the third terminal pre-stored sub-private key; and N is the number of sub-private key pieces generated by the first terminal according to the first private key, and the first private key is the private key generated by the first terminal.
2. The recovering method according to claim 1, wherein after the authentication is passed, before selecting the sub-private key from the M pre-stored sub-private keys and issuing the sub-private key to the first terminal, the method further comprises:
the first terminal generates a first private key;
generating N sub-private keys according to the first private key, and deleting the first private key;
and pre-storing any M of the sub-private keys in a key storage center, wherein M is a natural number greater than or equal to 3, and N is a natural number greater than or equal to 6.
3. The recovering method according to any one of claims 1-2, wherein after the authentication is passed, and after the sub-private key is selected from the M pre-stored sub-private keys and issued to the first terminal, the method further comprises:
after the pre-stored M sub-private keys have all been sent, the first terminal sends a private key reset request to the second terminal;
according to a threshold signature algorithm and the private key reset request, signing is performed with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal to obtain signature data to be authenticated;
authenticating the signature data to be authenticated through a smart contract on the blockchain;
and after the authentication is passed, the first terminal regenerates the private key according to the reset private key information.
4. An apparatus for retrieving a private key, the apparatus comprising:
a first terminal, a second terminal, a third terminal, an authentication terminal and a key storage center;
the first terminal is used for sending a request for retrieving a private key to the second terminal;
the second terminal is used for performing signing with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal according to a threshold signature algorithm and the request for retrieving the private key, to obtain final signature data;
the third terminal is used for transmitting the final signature data to the authentication terminal;
the authentication terminal is used for authenticating the final signature data through a smart contract on the blockchain;
the key storage center is used for selecting any sub-private key from the pre-stored M sub-private keys and issuing the sub-private key to the first terminal after the authentication is passed;
the authentication terminal is specifically used for:
finding a corresponding smart contract on the blockchain based on the final signature data;
obtaining, on the smart contract, a public key corresponding to the private key generated by the first terminal according to a preset digital signature algorithm;
authenticating the final signature data by the public key;
the second terminal pre-stored sub-private key and the third terminal pre-stored sub-private key are sub-private keys randomly selected from the remaining N-M pieces of sub-private keys in the first terminal, and the second terminal pre-stored sub-private key is different from the third terminal pre-stored sub-private key; and N is the number of sub-private key pieces generated by the first terminal according to the first private key, and the first private key is the private key generated by the first terminal.
5. The recovery device of claim 4 wherein the first terminal is further configured to generate a first private key;
the first terminal is further configured to generate N sub-private keys according to the first private key and to delete the first private key;
and any M of the sub-private keys are pre-stored in the key storage center, wherein M is a natural number greater than or equal to 3, and N is a natural number greater than or equal to 6.
6. The retrieval device of any one of claims 4-5, wherein
the first terminal is further used for sending a private key reset request to the second terminal;
the second terminal is further configured to perform signing with the sub-private key pre-stored in the second terminal and the sub-private key pre-stored in the third terminal according to a threshold signature algorithm and the private key reset request, so as to obtain signature data to be authenticated;
the authentication terminal is further used for authenticating the signature data to be authenticated and sending reset private key information to the first terminal after the authentication is passed;
the first terminal is further used for regenerating the private key according to the reset private key information.
7. A private key device, characterized in that the private key device comprises: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements a method of recovering a private key as claimed in any one of claims 1 to 3.
8. A computer-readable storage medium, having stored thereon computer program instructions, which, when executed by a processor, implement a method of retrieving a private key as claimed in any one of claims 1 to 3.
CN201810427694.5A 2018-05-07 2018-05-07 Method and device for retrieving private key, private key equipment and medium Active CN108737105B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810427694.5A CN108737105B (en) 2018-05-07 2018-05-07 Method and device for retrieving private key, private key equipment and medium


Publications (2)

Publication Number Publication Date
CN108737105A CN108737105A (en) 2018-11-02
CN108737105B true CN108737105B (en) 2021-09-28

Family

ID=63937196


Country Status (1)

Country Link
CN (1) CN108737105B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant