CN109903047A - Key migration method and apparatus - Google Patents
- Publication number
- CN109903047A (CN201910132901.9A)
- Authority
- CN
- China
- Prior art keywords
- key
- client device
- ciphertext data
- private key
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The embodiments of the present application provide a key migration method and apparatus. In the method, a first client device initiates a key migration request and sends a first public key, generated by a re-encryption system, to a second client device that holds a second key component. The second client device generates a second public key and a second private key by the re-encryption system, generates first encrypted data from the second public key and the second key component, generates a re-encryption key from the first public key and the second private key, and then sends these data to a server. From these data, the server obtains, by a preset re-encryption operation, second encrypted data that the first client device can decrypt, and sends that data to the first client device. The first client device decrypts the second encrypted data using the first public key and obtains the second key component. This solves the technical problem in existing methods that key migration is insecure and prone to leakage.
Description
Technical field
The present application relates to the field of Internet technology, and in particular to a key migration method and apparatus.
Background art
With the development and spread of Internet technology, more and more users have become accustomed to using mobile client devices (such as the user's mobile phone or tablet computer) to complete transaction data processing, for example using a mobile phone to shop online or to pay bills offline.
To ensure that the user retains control over the use of the funds data in their own account, a key component is often stored on the client device that the user uses or that is bound to the user's account. When transaction data processing is carried out in response to a user instruction, the user must provide the stored key component through that client device before the user's transaction signature can be generated. Only with that transaction signature as a credential can the funds data in the user's account be called and the transaction data processing completed.
If the user replaces the client device they use or have bound, the new client device usually does not yet hold this key component. For example, user A has always processed transaction data on mobile phone A, which is bound to their account and locally stores the key component used to generate the transaction signature. When user A switches to a newly purchased mobile phone B, they can log in to their account on mobile phone B, but mobile phone B does not initially hold the key component stored on mobile phone A. User A therefore cannot generate a transaction signature directly on mobile phone B to process transaction data. The key component first has to be migrated from mobile phone A and saved on mobile phone B.
Existing key migration methods, however, are relatively simple: in most cases the previously used client device (such as mobile phone A) sends its stored key component directly to the new client device (such as mobile phone B). During sending and transmission, the key component is easily leaked or stolen by a third party. That is, existing key migration methods, when implemented, often have the technical problem that key migration is insecure and prone to leakage.
No effective solution to the above problem has yet been proposed.
Summary of the invention
The embodiments of the present application provide a key migration method and apparatus to solve the technical problem that key migration is insecure and prone to leakage.
An embodiment of the present application provides a key migration method applied to a system comprising a first client device, a second client device and a server, wherein the second client device holds a second key component and the server holds a first key component. The method comprises:
The first client device initiates a key migration request and generates a first public key and a first private key by a re-encryption system;
The second client device responds to the key migration request and generates a second public key and a second private key by the re-encryption system;
The second client device obtains the first public key and generates first ciphertext data according to the second public key and the second key component; it generates a re-encryption key according to the first public key and the second private key;
The second client device sends the first ciphertext data and the re-encryption key to the server;
The server performs a preset re-encryption operation according to the first ciphertext data and the re-encryption key to obtain second ciphertext data, and sends the second ciphertext data to the first client device;
The first client device decrypts the second ciphertext data using the first private key and obtains the second key component.
In one embodiment, after the first client device decrypts the second ciphertext data using the first private key and obtains the second key component, the method further comprises:
The first client device sends confirmation-of-receipt information for the second key component to the second client device;
The second client device responds to the confirmation-of-receipt information and destroys the second key component stored locally on the second client device.
In one embodiment, before the first client device initiates the key migration request, the method further comprises:
The first client device receives a key migration instruction;
The first client device responds to the key migration instruction and verifies the identity information of the account logged in on the first client device; if it verifies that the identity information of the account logged in on the first client device matches the identity information of the account on the second client device, it initiates the key migration request.
An embodiment of the present application also provides a key migration method applied to a second client device that holds a second key component. The method comprises:
Receiving a key migration request initiated by a first client device, wherein the identity information of the account logged in on the first client device matches the identity information of the account on the second client device;
Responding to the key migration request, generating a second public key and a second private key by a re-encryption system, and obtaining a first public key generated by the first client device, wherein the first client device generates the first public key and a first private key by the re-encryption system;
Generating first ciphertext data according to the second public key and the second key component, and generating a re-encryption key according to the first public key and the second private key;
Sending the first ciphertext data and the re-encryption key to a server, wherein the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
In one embodiment, after the first ciphertext data and the re-encryption key are sent to the server, the method further comprises:
Receiving confirmation-of-receipt information for the second key component sent by the first client device, wherein the first client device generates the confirmation-of-receipt information once it has obtained the second key component;
Responding to the confirmation-of-receipt information and destroying the stored second key component.
In one embodiment, obtaining the first public key generated by the first client device comprises:
Scanning a preset two-dimensional code generated by the first client device;
Parsing the preset two-dimensional code to obtain the first public key.
An embodiment of the present application also provides a key migration method applied to a first client device. The method comprises:
Initiating a key migration request and generating a first public key and a first private key by a re-encryption system;
Sending the first public key to a second client device, wherein the second client device responds to the key migration request and generates a second public key and a second private key by the re-encryption system, and the second client device also holds a second key component;
Receiving second ciphertext data sent by a server, wherein the second ciphertext data is obtained by the server by performing a preset re-encryption operation on first ciphertext data and a re-encryption key provided by the second client device, the first ciphertext data is generated by the second client device according to the second public key and the second key component, and the re-encryption key is generated by the second client device according to the first public key and the second private key;
Decrypting the second ciphertext data using the first private key to obtain the second key component.
In one embodiment, after the second ciphertext data is decrypted using the first private key and the second key component is obtained, the method further comprises:
Generating confirmation-of-receipt information for the second key component;
Sending the confirmation-of-receipt information to the first client device.
An embodiment of the present application also provides a key migration apparatus, comprising:
A receiving module, configured to receive a key migration request initiated by a first client device, wherein the identity information of the account logged in on the first client device matches the identity information of the account on a second client device;
A first processing module, configured to respond to the key migration request, generate a second public key and a second private key by a re-encryption system, and obtain a first public key generated by the first client device, wherein the first client device generates the first public key and a first private key by the re-encryption system;
A second processing module, configured to generate first ciphertext data according to the second public key and a second key component, and to generate a re-encryption key according to the first public key and the second private key;
A sending module, configured to send the first ciphertext data and the re-encryption key to a server, wherein the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
An embodiment of the present application also provides a computer-readable storage medium storing computer instructions which, when executed, implement: receiving a key migration request initiated by a first client device, wherein the identity information of the account logged in on the first client device matches the identity information of the account on the second client device; responding to the key migration request, generating a second public key and a second private key by a re-encryption system, and obtaining a first public key generated by the first client device, wherein the first client device generates the first public key and a first private key by the re-encryption system; generating first ciphertext data according to the second public key and the second key component, and generating a re-encryption key according to the first public key and the second private key; and sending the first ciphertext data and the re-encryption key to a server, wherein the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
In the embodiments of the present application, the scheme introduces a processing mode based on re-encryption. First, the second client device, which holds the second key component to be migrated, performs the corresponding re-encryption processing on the second key component and sends the resulting first encrypted data to the server. The server then uses a preset re-encryption operation to convert the first encrypted data into second encrypted data that the first client device can decrypt with the first private key it holds, and sends that data to the first client device. Finally, the first client device decrypts the second encrypted data using the first private key and obtains the second key component. This migrates the key component between different client devices while significantly reducing the risk that the second key component is leaked or stolen during migration. It thereby solves the technical problem in existing methods that key migration is insecure and prone to leakage, and achieves the technical effect of migrating the second key component held by the second client device to the first client device securely and efficiently.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a process flow diagram of the key migration method provided according to an embodiment of the present application;
Fig. 2 is a schematic diagram of the key migration method provided by the embodiments of the present application applied in an example scenario;
Fig. 3 is a process flow diagram of the key migration method provided according to an embodiment of the present application;
Fig. 4 is a process flow diagram of the key migration method provided according to an embodiment of the present application;
Fig. 5 is a structural diagram of the key migration apparatus provided according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device based on the key migration method provided by the embodiments of the present application.
Detailed description of embodiments
To help those skilled in the art better understand the technical solutions of the present application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present application without creative effort shall fall within the scope of protection of the present application.
Existing key migration methods often use a relatively simple process, so the key is easily leaked or stolen while it is transmitted during migration, which may even cause losses to the user. That is, existing key migration methods, when implemented, often have the technical problem that key migration is insecure and prone to leakage.
To address the root cause of this technical problem, the present application considers introducing a processing mode based on re-encryption to improve the security of key migration. Specifically, the second client device, which holds the second key component to be migrated, first performs the corresponding re-encryption processing on the second key component and sends the resulting first encrypted data to the server. The server then uses a preset re-encryption operation to convert the first encrypted data into second encrypted data that the first client device can decrypt with the first private key it holds, and sends that data to the first client device. Finally, the first client device decrypts the second encrypted data using the first private key and obtains the second key component. This migrates the key component between different client devices while significantly reducing the risk that the second key component is leaked or stolen during migration. It thereby solves the technical problem in existing methods that key migration is insecure and prone to leakage, and achieves the technical effect of migrating the second key component held by the second client device to the first client device securely and efficiently.
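The flow described above, carried through end to end as an added example; it is not code from the patent, which does not fix a concrete proxy re-encryption scheme in this part of the text. The scheme here is an assumption chosen to match the stated inputs: an ElGamal-style key encapsulation in which the re-encryption key is the second private key multiplied by the inverse of a hash of an ephemeral Diffie-Hellman secret shared with the first public key. The function names, the runtime-derived 256-bit demo group and the small stream cipher are constructed for illustration; `pk_n`/`sk_n` and `pk_o`/`sk_o` follow the notation the description uses for the two key pairs.

```python
import hashlib, hmac, secrets

SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; enough for this demo parameter search."""
    if n < 2:
        return False
    for s in SMALL:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_group(bits=256):
    """Constructed parameters: first safe prime p = 2q + 1 with q > 2**(bits-1)."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4            # g = 4 generates the subgroup of prime order q

P, Q, G = demo_group()
NBYTES = (P.bit_length() + 7) // 8

def h(*elems):
    """SHA-256 over fixed-width encodings of group elements."""
    m = hashlib.sha256()
    for v in elems:
        m.update(v.to_bytes(NBYTES, "big"))
    return m.digest()

def pre_keygen():
    """PRE-keyGen() -> (pk, sk); each client device runs this itself."""
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk

def seal(k, msg):
    """Toy encrypt-then-MAC for messages of at most 32 bytes."""
    stream = hashlib.sha256(k + b"enc").digest()
    body = bytes(a ^ b for a, b in zip(msg, stream))
    mac_key = hashlib.sha256(k + b"mac").digest()
    return body, hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(k, body, tag):
    mac_key = hashlib.sha256(k + b"mac").digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong private key or modified ciphertext")
    stream = hashlib.sha256(k + b"enc").digest()
    return bytes(a ^ b for a, b in zip(body, stream))

def encrypt(pk_o, component):
    """client2: first ciphertext data, encrypted under its own public key pk_o."""
    if len(component) > 32:
        raise ValueError("demo cipher handles at most 32 bytes")
    e = secrets.randbelow(Q - 1) + 1
    return (pow(G, e, P),) + seal(h(pow(pk_o, e, P)), component)

def rekey_gen(sk_o, pk_n):
    """client2: re-encryption key from its private key sk_o and client1's pk_n."""
    if not (1 < pk_n < P and pow(pk_n, Q, P) == 1):
        raise ValueError("first public key is not a valid group element")
    while True:
        x = secrets.randbelow(Q - 1) + 1
        X = pow(G, x, P)
        d = int.from_bytes(h(X, pk_n, pow(pk_n, x, P)), "big") % Q
        if d:
            return sk_o * pow(d, -1, Q) % Q, X

def re_encrypt(c1, rk):
    """server: convert c1 into c2 using only rk; it holds no private key."""
    (E, body, tag), (r, X) = c1, rk
    return pow(E, r, P), X, body, tag

def decrypt(sk_n, c2):
    """client1: recover the key component from the second ciphertext data."""
    E1, X, body, tag = c2
    d = int.from_bytes(h(X, pow(G, sk_n, P), pow(X, sk_n, P)), "big") % Q
    return unseal(h(pow(E1, d, P)), body, tag)

def migrate(component):
    pk_n, sk_n = pre_keygen()              # first client device
    pk_o, sk_o = pre_keygen()              # second client device
    c1 = encrypt(pk_o, component)          # second client device
    rk = rekey_gen(sk_o, pk_n)             # second client device
    c2 = re_encrypt(c1, rk)                # server
    return decrypt(sk_n, c2), c1, c2       # first client device

if __name__ == "__main__":
    recovered, _, _ = migrate(secrets.token_bytes(32))
    print("migrated component length:", len(recovered))
```

In this particular construction the server's re-encryption key combined with the first client's private key yields `sk_o`, so the second key pair must be a throwaway pair generated for the one migration, as the method does when it creates the pair in response to the request.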
Based on this line of thinking, an embodiment of the present application provides a key migration method; see the process flow diagram of the key migration method shown in Fig. 1. The key migration method provided by the embodiments of the present application may be applied to a system comprising a first client device, a second client device and a server.
The second client device (denoted client2) can be understood as the client device that holds the key component to be migrated. For example, it may be a mobile phone or tablet computer that the user used previously or that was previously bound to the user's account. The second client device listed here is only a schematic illustration. In a specific implementation, the second client device may also be another type of electronic device, or a software program running on such an electronic device. This specification does not limit the specific form or type of the second client device.
The first client device (denoted client1) can be understood as the target device to which the key component is to be migrated. For example, it may be a mobile phone or tablet computer that the user has newly switched to. Similarly, the first client device listed here is only a schematic illustration. In a specific implementation, the first client device may also be another type of electronic device, or a software program running on such an electronic device. This specification does not limit the specific form or type of the first client device.
The server (denoted KMS) can be understood as the back-end server of a platform that provides users with services involving the use of key components, such as transaction data processing. For example, the server may be the back-end server of a network payment platform. The server listed here is only a schematic illustration. In a specific implementation, the server may also be another type of electronic device, or a software program running on such an electronic device. This specification does not limit the specific form or type of the server.
In this embodiment, to protect the security of the user's transaction data processing, the key used for subsequent transaction data processing can be split into two key components that are stored separately on the server and on the client device. The server and the client device each keep one part. Later, when transaction data processing is carried out in response to a user instruction, the server and the client device must both provide the key components they keep before the transaction data processing can proceed. For example, the key components kept by both sides must be used together before the funds data in the user's account can be called to complete the transaction. In this way, even if a third party steals either one of the key components kept by the server and the client, it still cannot call the user's account, which improves the security of the user's transaction data processing.
In this embodiment, the server may store the first key component and the second client device may store the second key component. When transaction data processing is carried out, the server and the second client device must each supply the first key component and the second key component they hold as inputs to a computation in order to generate the corresponding transaction signature, which can then be used as a credential to complete the transaction data processing. The transaction signature (which may also be called a public-key digital signature, an electronic signature, and so on) can be understood as a digital signature, based on public-key cryptography, that is used to prove the user's identity. Specifically, the transaction signature may be a character string that corresponds to the user's identity and is not easy to forge. In specific transaction data processing, for example, the user's identity can be verified according to the transaction signature and the funds data in the user's account can be called to carry out the transaction data processing. It should be added that this method can also be applied to scenarios in which the key component used to generate the transaction signature is held only by the client.
In this embodiment, the user wants the second key component originally stored on the second client device to be migrated smoothly and securely to the first client device. Referring to Fig. 2, a schematic diagram of the key migration method provided by the embodiments of the present application applied in an example scenario, the method may, in a specific implementation, include the following:
S11: The first client device initiates a key migration request and generates a first public key and a first private key by the re-encryption system.
In this embodiment, the key migration request can be understood as request data, directed at the second client device that stores the second key component, indicating that the stored second key component is to be migrated to the first client device.
In this embodiment, the re-encryption system can be understood as an encrypted-data processing system based on proxy re-encryption. Proxy re-encryption (Proxy Re-Encryption) can be understood as a data processing rule in which a trusted third party (in this embodiment, the server) is introduced and entrusted to convert a ciphertext encrypted with one party's public key into a ciphertext that another party can decrypt with its private key, thereby achieving data sharing.
In this embodiment, the first public key and the first private key may be a matched key pair generated by the first client device through the re-encryption system. This key pair can be used for data processing such as encrypting subsequent data.
In this embodiment, in a specific implementation, the first client device may first initiate the key migration request to the second client device and to the server in the system, requesting that the second key component stored on the second client device be migrated to the first client device. Further, the first client device may also respond to the key migration request it initiated by generating a matched key pair through the re-encryption system, namely the first public key and the first private key, for use in subsequent data processing.
Specifically, for example, the first client device may generate the first public key and the first private key as follows: PRE-keyGen() -> (pk_n, sk_n). Here PRE-keyGen() denotes an operation of the re-encryption system based on proxy re-encryption, pk_n denotes the first public key, and sk_n denotes the first private key.
In one embodiment, to further improve the security of the user's transaction data processing, before initiating the key migration request the first client device may first communicate with the server to verify that the user logged in on the first client device is the same user as the one using the second client device. That is, it determines whether the account of the user logged in on the first client device is the same as the account of the user on the second client device, and initiates the key migration request to the second client device and the server only if the two accounts are the same.
In one embodiment, before the first client device initiates the key migration request, the method may, in a specific implementation, further include the following:
S1: The first client device receives a key migration instruction;
S2: The first client device responds to the key migration instruction and verifies the identity information of the account logged in on the first client device; if it verifies that the identity information of the account logged in on the first client device matches the identity information of the account on the second client device, it initiates the key migration request.
In this embodiment, the key migration instruction can be understood as instruction data, issued by the user through the first client device, indicating that the second key component is to be migrated to the first client device.
Specifically, for example, the user may log in to their account on the first client device and generate the key migration instruction by an operation such as tapping the key migration icon shown on the account page. The first client device receives this operation and determines the key migration instruction from it.
In this embodiment, after receiving the key migration instruction, the first client device may first verify the identity information of the account logged in on the first client device. Specifically, the first client device may obtain the account number or account name the user used to log in, together with identity information of the account such as the login key entered at login. It then compares this identity information with the identity information of the account stored on the second client device. If the identity information of the accounts on the two client devices is identical, or the difference is relatively small and below a preset difference threshold, the identity information of the account logged in on the first client device is determined to match the identity information of the account on the second client device. That is, the account currently logged in on the first client device and requesting key migration is determined to be the same account that previously logged in to and used the second client device, and the key migration request can be initiated. Conversely, if the identity information of the accounts on the two client devices differs, or the difference is relatively large and above the preset difference threshold, the identity information of the account logged in on the first client device is determined not to match the identity information of the account on the second client device. That is, the account currently logged in on the first client device and requesting key migration is determined not to be the account that previously logged in to and used the second client device. The received key migration instruction is then judged to be possibly illegitimate, and the user who issued it may have no right to request key migration. In this case, to protect the security of the user's account, the first client device may refrain from initiating the key migration request. At the same time, it may show the user a prompt asking them to confirm that the entered account identity information is correct before triggering the key migration instruction again.
S12: The second client device responds to the key migration request and generates a second public key and a second private key by the re-encryption system.
In this embodiment, the second public key and the second private key may be a matched key pair generated by the second client device through the re-encryption system. This key pair can be used for data processing such as encrypting subsequent data.
In this embodiment, after receiving the key migration request, the second client device may respond to it by generating the matched second public key and second private key through the re-encryption system, for use in subsequent data processing.
Specifically, for example, the second client device may generate the second public key and the second private key as follows: PRE-keyGen() -> (pk_o, sk_o). Here PRE-keyGen() denotes an operation of the re-encryption system based on proxy re-encryption, pk_o denotes the second public key, and sk_o denotes the second private key.
S13: The second client device obtains the first public key and generates first ciphertext data according to the second public key and the second key component; it generates a re-encryption key according to the first public key and the second private key.
In the present embodiment, above-mentioned second client device can obtain the generation of the first client device in several ways
The first public key.Specifically, the second client device can be true by information such as the device identifications of the first client device of inquiry
Fixed first public key.First public key directly can also be sent to by the second client device by the first client device, by the second visitor
Family end equipment receives above-mentioned first public key etc..
In the present embodiment, it is contemplated that the first client device and the second client device can be mobile phone that user uses
Or tablet computer etc. carries the electronic equipment of camera, the data safety in public key transmission process in order to balance, also for just
In user's operation, when it is implemented, can be first by the first client device according to the first public key, corresponding default two dimension is generated
Code.Above-mentioned preset two dimensional code is showed into the second client device again, so that the second client device can pass through camera
Scanning obtains above-mentioned default two dimensional code.Second client device, can be further pre- to this after obtaining above-mentioned default two dimensional code
If two dimensional code carries out dissection process, the first public key therein is obtained to extract.Certainly, it should be noted that cited by above-mentioned
The mode that second client obtains the first public key is intended merely to that this specification embodiment is better described.When it is implemented, according to
Specific application scenarios and client device feature can also obtain above-mentioned first public key using other modes.In this regard, this explanation
Book is not construed as limiting.
In the present embodiment, generating the first ciphertext data according to the second public key and the second key component may, in a specific implementation, include: the second client device encrypts the second key component using the second public key to obtain the first ciphertext data.
Specifically, for example, referring to Fig. 2, the second client device can generate the first ciphertext data as follows: Enc(pk_o, sk2) -> cxt. Here, Enc denotes the encryption operation and cxt denotes the first ciphertext data.
In the present embodiment, generating the re-encryption key according to the first public key and the second private key may, in a specific implementation, include: the second client device calls a re-encryption key generation algorithm and uses the first public key and the second private key to generate the corresponding re-encryption key.
Specifically, for example, referring to Fig. 2, the second client device can generate the re-encryption key as follows: RekeyGen(sk_o, pk_n) -> rk. Here, RekeyGen() denotes the operation of the re-encryption key generation algorithm and rk denotes the re-encryption key.
S14: The second client device sends the first ciphertext data and the re-encryption key to the server.
In the present embodiment, after generating the first ciphertext data and the re-encryption key, the second client device can send them to the server in a wired or wireless manner.
S15: The server performs a preset re-encryption operation according to the first ciphertext data and the re-encryption key to obtain second ciphertext data, and sends the second ciphertext data to the first client device.
In the present embodiment, it should be noted that the first client device cannot directly decrypt the first ciphertext data received by the server at this point, which contains the second key component, to obtain the second key component. Therefore, the server can first process the first ciphertext data using the comparatively reliable data processing approach based on proxy re-encryption, in combination with the re-encryption key, converting the first ciphertext data into ciphertext data that the first client device can decrypt.
In the present embodiment, the preset re-encryption operation can be understood as an encryption operation, based on proxy re-encryption, that converts ciphertext data which the first client device originally could not decrypt into ciphertext data which the first client device can decrypt.
In the present embodiment, the second ciphertext data can be understood as ciphertext data, obtained after processing by the server based on proxy re-encryption, that the first client device can decrypt and that contains the encrypted second key component.
In the present embodiment, in a specific implementation, after receiving the first ciphertext data and the re-encryption key, the server can take the first ciphertext data and the re-encryption key as inputs, perform the preset re-encryption operation based on proxy re-encryption to obtain an operation result, and use the operation result as the second ciphertext data.
Specifically, for example, referring to Fig. 2, the server can generate the second ciphertext data as follows: ReEnc(cxt, rk) -> cxt_n. Here, ReEnc() denotes the preset re-encryption operation and cxt_n denotes the second ciphertext data.
In the present embodiment, after generating the second ciphertext data that the first client device can decrypt, the server can send the second ciphertext data to the first client device in a wired or wireless manner.
S16: The first client device decrypts the second ciphertext data using the first private key to obtain the second key component.
In the present embodiment, after the first client device receives the second ciphertext data, because the second ciphertext data is the data obtained after the server performed the preset re-encryption operation on the first ciphertext data based on proxy re-encryption, the first client device can decrypt the second ciphertext data using the first private key it holds and obtain the second key component, thereby completing the migration of the second key component.
Specifically, for example, referring to Fig. 2, the first client device can decrypt the second ciphertext data as follows: Dec(sk_n, cxt_n) -> sk2. Here, Dec() denotes the decryption operation.
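The PRE-keyGen, Enc, RekeyGen, ReEnc and Dec operations of S12 to S16, carried through end to end as an added example (not code from the patent). The patent names no concrete scheme, so the hashed-ElGamal-style construction, the 128-bit demo group found at import time and all function names here are assumptions for illustration and are not suitable for production use.

```python
import hashlib
import hmac
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; good enough to pick demo parameters."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits: int = 128):
    """Find a safe prime P = 2Q + 1 (constructed demo parameter, far too small for real use)."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4          # 4 is a square, so it generates the order-Q subgroup

P, Q, G = toy_group()
_LEN = (P.bit_length() + 7) // 8

def _scalar(*elems: int) -> int:
    """Hash group elements to a non-zero exponent modulo Q."""
    data = b"".join(e.to_bytes(_LEN, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def _keys(shared: int):
    """Derive an encryption key and a MAC key from a shared group element."""
    okm = hashlib.shake_256(shared.to_bytes(_LEN, "big")).digest(64)
    return okm[:32], okm[32:]

def _xor(key: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def pre_keygen():
    """PRE-keyGen() -> (pk, sk)."""
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk

def enc(pk_o: int, sk2: bytes) -> dict:
    """Enc(pk_o, sk2) -> cxt, run on the second (old) client device."""
    r = secrets.randbelow(Q - 1) + 1
    k_enc, k_mac = _keys(pow(pk_o, r, P))
    body = _xor(k_enc, sk2)
    return {"E": pow(G, r, P), "body": body,
            "tag": hmac.new(k_mac, body, hashlib.sha256).digest()}

def rekeygen(sk_o: int, pk_n: int) -> dict:
    """RekeyGen(sk_o, pk_n) -> rk; needs only the new device's public key."""
    x = secrets.randbelow(Q - 1) + 1
    big_x = pow(G, x, P)
    d = _scalar(big_x, pk_n, pow(pk_n, x, P))   # only the holder of sk_n can recompute d
    return {"rk": sk_o * pow(d, -1, Q) % Q, "X": big_x}

def reenc(cxt: dict, rk: dict) -> dict:
    """ReEnc(cxt, rk) -> cxt_n, run on the server, which never sees sk2 in the clear."""
    return {"E": pow(cxt["E"], rk["rk"], P), "X": rk["X"],
            "body": cxt["body"], "tag": cxt["tag"]}

def dec(sk_n: int, cxt_n: dict) -> bytes:
    """Dec(sk_n, cxt_n) -> sk2, run on the first (new) client device."""
    d = _scalar(cxt_n["X"], pow(G, sk_n, P), pow(cxt_n["X"], sk_n, P))
    k_enc, k_mac = _keys(pow(cxt_n["E"], d, P))
    expect = hmac.new(k_mac, cxt_n["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, cxt_n["tag"]):
        raise ValueError("MAC check failed: wrong private key or modified ciphertext")
    return _xor(k_enc, cxt_n["body"])

def migrate(sk2: bytes) -> bytes:
    """Run the exchange in one process; each comment names the party that acts."""
    pk_n, sk_n = pre_keygen()        # first client device, when it initiates the request
    pk_o, sk_o = pre_keygen()        # S12: second client device
    cxt = enc(pk_o, sk2)             # S13: second client device
    rk = rekeygen(sk_o, pk_n)        # S13: second client device
    cxt_n = reenc(cxt, rk)           # S14-S15: server receives (cxt, rk)
    return dec(sk_n, cxt_n)          # S16: first client device

if __name__ == "__main__":
    sample = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed stand-in for sk2
    print("migrated intact:", migrate(sample) == sample)
```

In this construction the server (holding rk) and the first client device (holding sk_n) could jointly recover sk_o, so the example follows S12 and generates (pk_o, sk_o) fresh for each migration rather than reusing a long-lived key.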
In the embodiments of the present application, compared with existing methods, the scheme introduces a processing approach based on re-encryption. First, the second client device, which holds the second key component (the key component to be migrated), performs the corresponding re-encryption processing on the second key component and sends the first encrypted data obtained by encryption to the server. The server then uses the preset re-encryption operation to convert the first encrypted data into second encrypted data that the first client device can decrypt with the first private key it holds, and sends that data to the first client device. Finally, the first client device uses the first private key to decrypt the second encrypted data and obtain the second key component. This realizes the migration of the key component between different client devices and significantly reduces the risk of the second key component being leaked or stolen during migration. It thereby solves the technical problem that key migration in existing methods is insecure and prone to leakage, and achieves the technical effect of migrating the second key component held by the second client device to the first client device safely and efficiently.
In one embodiment, after the first client device decrypts the second ciphertext data using the first private key to obtain the second key component, the method may, in a specific implementation, further include the following:
S1: the first client device sends acknowledgement information for the second key component to the second client device;
S2: the second client device responds to the acknowledgement information by destroying the second key component stored locally on the second client device.
In the present embodiment, after obtaining and saving the second key component, the first client device can determine that the second key component has been migrated successfully; subsequently, the first client device can be used in place of the previously used second client device to carry out the user's transaction data processing. That is, the second client device will no longer take part in the user's transaction data processing and no longer needs to keep the second key component. To prevent the second key component originally stored on the second client device from being leaked or stolen and affecting the security of the user's transactions, referring to Fig. 2, the first client device can generate acknowledgement information for the second key component and send it to the second client device. After receiving the acknowledgement information, the second client device can respond to it by destroying the second key component originally stored on the second client device, so that the second key component cannot later be leaked or stolen through the second client device that is no longer in use, which further improves the security of the user's transaction data processing.
In one embodiment, after the first client device decrypts the second ciphertext data using the first private key to obtain the second key component, the method may further include the following: the first client device receives and responds to the user's transaction data processing request and, together with the server, takes the second key component and the first key component that they respectively hold as inputs and jointly participates in an operation that generates the corresponding transaction signature; the first client device performs transaction data processing according to the transaction signature.
In the present embodiment, after the first client device has obtained the second key component, the user can use the first client device in place of the previously used second client device and, by interacting with the server, carry out specific transaction data processing securely.
As can be seen from the above description, the key migration method provided by the embodiments of the present application introduces a processing approach based on re-encryption. First, the second client device, which holds the second key component (the key component to be migrated), performs the corresponding re-encryption processing on the second key component and sends the first encrypted data obtained by encryption to the server. The server then uses the preset re-encryption operation to convert the first encrypted data into second encrypted data that the first client device can decrypt with the first private key it holds, and sends that data to the first client device. Finally, the first client device uses the first private key to decrypt the second encrypted data and obtain the second key component. This realizes the migration of the key component between different client devices and significantly reduces the risk of the second key component being leaked or stolen during migration, thereby solving the technical problem that key migration in existing methods is insecure and prone to leakage, and achieving the technical effect of migrating the second key component held by the second client device to the first client device safely and efficiently. In addition, after obtaining the second key component, the first client device sends acknowledgement information to the second client device, so that the second client device destroys the second key component it holds in a timely manner according to the acknowledgement information. This prevents the second key component stored locally on the second client device from later being leaked or stolen and further improves the security of the key migration process.
The embodiments of the present application also provide another key migration method. Refer to Fig. 3 for a process flow diagram of the key migration method provided according to an embodiment of the present application. This key migration method may specifically be applied to the second client device, where the second client device holds the second key component. In a specific implementation, the method may include the following:
S31: receiving a key migration request initiated by the first client device, where the identity information of the account logged in on the first client device matches the identity information of the account on the second client device;
S32: responding to the key migration request, generating a second public key and a second private key through the re-encryption system, and obtaining the first public key generated by the first client device, where the first client device generates the first public key and the first private key through the re-encryption system;
S33: generating first ciphertext data according to the second public key and the second key component; and generating a re-encryption key according to the first public key and the second private key;
S34: sending the first ciphertext data and the re-encryption key to the server, where the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
In one embodiment, after the first ciphertext data and the re-encryption key are sent to the server, the method may, in a specific implementation, further include the following:
S1: receiving acknowledgement information for the second key component sent by the first client device, where the first client device generates the acknowledgement information once it has obtained the second key component;
S2: responding to the acknowledgement information by destroying the stored second key component.
In one embodiment, obtaining the first public key generated by the first client device may, in a specific implementation, include the following:
S1: obtaining the preset two-dimensional code generated by the first client device;
S2: parsing the preset two-dimensional code to obtain the first public key.
In the present embodiment, it should be noted that the way of obtaining the first public key listed above is only an illustrative example. In a specific implementation, the first public key may also be obtained in other suitable ways, according to the specific situation and processing requirements. This specification places no limitation on this.
The embodiments of the present application also provide another key migration method. Refer to Fig. 4 for a process flow diagram of the key migration method provided according to an embodiment of the present application. This key migration method may specifically be applied to the first client device. In a specific implementation, the method may include the following:
S41: initiating a key migration request, and generating a first public key and a first private key through the re-encryption system;
S42: sending the first public key to the second client device, where the second client device responds to the key migration request by generating a second public key and a second private key through the re-encryption system, and the second client device also holds the second key component;
S43: receiving second ciphertext data sent by the server, where the second ciphertext data is obtained by the server by performing the preset re-encryption operation according to the first ciphertext data and the re-encryption key provided by the second client device, the first ciphertext data is generated by the second client device according to the second public key and the second key component, and the re-encryption key is generated by the second client device according to the first public key and the second private key;
S44: decrypting the second ciphertext data using the first private key to obtain the second key component.
In one embodiment, after the second ciphertext data is decrypted using the first private key to obtain the second key component, the method may, in a specific implementation, further include the following:
S1: generating acknowledgement information for the second key component;
S2: sending the acknowledgement information to the first client device.
Based on the same inventive concept, an embodiment of the present invention further provides a key migration apparatus, as described in the following embodiment. Because the principle by which the key migration apparatus solves the problem is similar to that of the key migration method, the implementation of the apparatus may refer to the implementation of the method, and repeated details are not described again. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiment is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Refer to Fig. 5, which is a structural diagram of a key migration apparatus provided by an embodiment of the present application. The apparatus may specifically include a receiving module 501, a first processing module 502, a second processing module 503 and a sending module 504. The structure is described in detail below.
The receiving module 501 may specifically be used to receive the key migration request initiated by the first client device, where the identity information of the account logged in on the first client device matches the identity information of the account on the second client device;
The first processing module 502 may specifically be used to respond to the key migration request, generate a second public key and a second private key through the re-encryption system, and obtain the first public key generated by the first client device, where the first client device generates the first public key and the first private key through the re-encryption system;
The second processing module 503 may specifically be used to generate first ciphertext data according to the second public key and the second key component, and to generate a re-encryption key according to the first public key and the second private key;
The sending module 504 may specifically be used to send the first ciphertext data and the re-encryption key to the server, where the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
In one embodiment, the apparatus may further include a destruction module, which may specifically be used to receive acknowledgement information for the second key component sent by the first client device, where the first client device generates the acknowledgement information once it has obtained the second key component, and to respond to the acknowledgement information by destroying the stored second key component.
In one embodiment, the first processing module 502 may obtain the first public key generated by the first client device according to the following procedure: scanning to obtain the preset two-dimensional code generated by the first client device; and parsing the preset two-dimensional code to obtain the first public key.
The embodiments in this specification are described in a progressive manner; for the same or similar parts, the embodiments may refer to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, it is described relatively briefly; for relevant details, refer to the description of the method embodiment.
It should be noted that the systems, apparatuses, modules or units described in the above embodiments may specifically be implemented by a computer chip or entity, or by a product having a certain function. For convenience of description, the above apparatus is described in this specification with its functions divided into various units. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
In addition, in this specification, adjectives such as first and second may be used only to distinguish one element or action from another, without requiring or implying any actual such relationship or order. Where the context permits, a reference to an element, component or step should not be interpreted as limited to only one of the element, component or step, but may be one or more of the element, component or step.
As can be seen from the above description, the key migration apparatus provided by the embodiments of the present application introduces a processing approach based on re-encryption. First, the second client device, which holds the second key component (the key component to be migrated), performs the corresponding re-encryption processing on the second key component and sends the first encrypted data obtained by encryption to the server. The server then uses the preset re-encryption operation to convert the first encrypted data into second encrypted data that the first client device can decrypt with the first private key it holds, and sends that data to the first client device. Finally, the first client device uses the first private key to decrypt the second encrypted data and obtain the second key component. This realizes the migration of the key component between different client devices and significantly reduces the risk of the second key component being leaked or stolen during migration, thereby solving the technical problem that key migration in existing methods is insecure and prone to leakage, and achieving the technical effect of migrating the second key component held by the second client device to the first client device safely and efficiently.
The embodiments of the present application also provide an electronic device. Refer to Fig. 6 for a schematic diagram of the structure of an electronic device based on the key migration method provided by the embodiments of the present application. The electronic device may specifically include an input device 61, a processor 62 and a memory 63. The input device 61 may specifically be used to receive the key migration request initiated by the first client device, where the identity information of the account logged in on the first client device matches the identity information of the account on the second client device. The processor 62 may specifically be used to: respond to the key migration request, generate a second public key and a second private key through the re-encryption system, and obtain the first public key generated by the first client device, where the first client device generates the first public key and the first private key through the re-encryption system; generate first ciphertext data according to the second public key and the second key component; generate a re-encryption key according to the first public key and the second private key; and send the first ciphertext data and the re-encryption key to the server, where the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component. The memory 63 may specifically be used to store the program instructions on which the processor 62 operates.
In the present embodiment, the input device may specifically be one of the main means of information exchange between the user and the computer system. The input device may include a keyboard, mouse, camera, scanner, light pen, handwriting input tablet, voice input device, and so on; the input device is used to input raw data, and the programs that process that data, into the computer. The input device may also obtain and receive data transmitted by other modules, units and devices. The processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, an embedded microcontroller, and so on. The memory may specifically be a memory device used in modern information technology to store information. The memory may comprise multiple levels: in a digital system, anything that can store binary data can be a memory; in an integrated circuit, a circuit with a storage function but no physical form is also a memory, such as RAM or a FIFO; in a system, a storage device with a physical form is also a memory, such as a memory module or a TF card.
In the present embodiment, the specific functions and effects of the electronic device can be understood by comparison with the other embodiments, and details are not repeated here.
The embodiments of the present application also provide a computer storage medium based on the key migration method. The computer storage medium stores computer program instructions which, when executed, implement the following: receiving a key migration request initiated by the first client device, where the identity information of the account logged in on the first client device matches the identity information of the account on the second client device; responding to the key migration request, generating a second public key and a second private key through the re-encryption system, and obtaining the first public key generated by the first client device, where the first client device generates the first public key and the first private key through the re-encryption system; generating first ciphertext data according to the second public key and the second key component; generating a re-encryption key according to the first public key and the second private key; and sending the first ciphertext data and the re-encryption key to the server, where the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device, and the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
In the present embodiment, the storage medium includes but is not limited to random access memory (Random Access Memory, RAM), read-only memory (Read-Only Memory, ROM), cache (Cache), hard disk (Hard Disk Drive, HDD) or memory card (Memory Card). The memory can be used to store computer program instructions. The network communication unit may be an interface for network connection communication, set up according to a standard specified by a communication protocol.
In the present embodiment, the specific functions and effects of the program instructions stored in the computer storage medium can be understood by comparison with the other embodiments, and details are not repeated here.
Although the content of the present application mentions different specific embodiments, the present application is not limited to the situations described by industry standards or by the embodiments. Embodiments that are slightly modified on the basis of certain industry standards, or of implementations described in a customized manner or in the embodiments, can also achieve implementation effects that are the same as, equivalent to, or similar to those of the above embodiments, or that are predictable after the variation. Embodiments that apply such modified or varied ways of data acquisition, processing, output and judgment may still fall within the scope of the optional embodiments of the present application.
Although the present application provides method operation steps as described in the embodiments or flow charts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only execution order. When an actual apparatus or client product executes, the steps may be executed in the order shown in the embodiments or the drawings, or in parallel (for example, in a parallel-processor or multi-threaded environment, or even a distributed data processing environment). The terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, product or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product or device. Without further limitation, the presence of other identical or equivalent elements in the process, method, product or device that includes the element is not excluded.
The devices or modules described in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. For convenience of description, the above device is described as divided into various modules by function. Of course, when implementing the present application, the functions of the modules may be implemented in one or more pieces of software and/or hardware, and a module that implements one function may be implemented by a combination of multiple sub-modules. The device embodiments described above are merely illustrative. For example, the division into modules is only a division by logical function; other divisions are possible in an actual implementation, for example multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed.
Those skilled in the art also know that, besides implementing a controller purely as computer-readable program code, it is entirely possible to logically program the method steps so that the controller implements the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices it contains for implementing various functions can also be regarded as structures within the hardware component. Or even, the devices for implementing various functions can be regarded both as software modules that implement the method and as structures within the hardware component.
The present application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, classes and the like that perform specific tasks or implement specific abstract data types. The present application may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a mobile terminal, a server, a network device or the like) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
The embodiments in this specification are described in a progressive manner. For the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. The present application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices.
Although the present application has been described by way of embodiments, those of ordinary skill in the art will appreciate that the application has many variations and changes that do not depart from its spirit, and it is intended that the appended embodiments cover these variations and changes without departing from the application.
Claims (10)
1. A key migration method, characterized in that the method is applied to a system comprising a first client device, a second client device and a server, wherein the second client device holds a second key component and the server holds a first key component, the method comprising:
the first client device initiates a key migration request, and generates a first public key and a first private key through a re-encryption system;
the second client device responds to the key migration request, and generates a second public key and a second private key through the re-encryption system;
the second client device obtains the first public key, and generates first ciphertext data according to the second public key and the second key component; and generates a re-encryption key according to the first public key and the second private key;
the second client device sends the first ciphertext data and the re-encryption key to the server;
the server performs a preset re-encryption operation according to the first ciphertext data and the re-encryption key to obtain second ciphertext data, and sends the second ciphertext data to the first client device;
the first client device decrypts the second ciphertext data using the first private key to obtain the second key component.
2. The method according to claim 1, characterized in that, after the first client device decrypts the second ciphertext data using the first private key to obtain the second key component, the method further comprises:
the first client device sends acknowledgement information for receipt of the second key component to the second client device;
the second client device responds to the acknowledgement information by destroying the second key component stored locally on the second client device.
3. The method according to claim 1, characterized in that, before the first client device initiates the key migration request, the method further comprises:
the first client device receives a key migration instruction;
the first client device responds to the key migration instruction by verifying the identity information of the account logged in on the first client device, and initiates the key migration request when it is verified that the identity information of the account logged in on the first client device matches the identity information of the account on the second client device.
4. A key migration method, characterized in that the method is applied to a second client device, the second client device holding a second key component, the method comprising:
receiving a key migration request initiated by a first client device, wherein the identity information of the account logged in on the first client device matches the identity information of the account on the second client device;
responding to the key migration request by generating a second public key and a second private key through a re-encryption system, and obtaining a first public key generated by the first client device, wherein the first client device generates the first public key and a first private key through the re-encryption system;
generating first ciphertext data according to the second public key and the second key component; and generating a re-encryption key according to the first public key and the second private key;
sending the first ciphertext data and the re-encryption key to a server, wherein the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device; the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
5. The method according to claim 4, characterized in that, after the first ciphertext data and the re-encryption key are sent to the server, the method further comprises:
receiving acknowledgement information for receipt of the second key component sent by the first client device, wherein the first client device generates the acknowledgement information when it has obtained the second key component;
responding to the acknowledgement information by destroying the stored second key component.
6. The method according to claim 4, characterized in that obtaining the first public key generated by the first client device comprises:
obtaining a preset two-dimensional code generated by the first client device;
parsing the preset two-dimensional code to obtain the first public key.
7. A key migration method, characterized in that the method is applied to a first client device, the method comprising:
initiating a key migration request, and generating a first public key and a first private key through a re-encryption system;
sending the first public key to a second client device, wherein the second client device responds to the key migration request by generating a second public key and a second private key through the re-encryption system, and the second client device also holds a second key component;
receiving second ciphertext data sent by a server, wherein the second ciphertext data is obtained by the server by performing a preset re-encryption operation according to first ciphertext data and a re-encryption key provided by the second client device, the first ciphertext data is generated by the second client device according to the second public key and the second key component, and the re-encryption key is generated by the second client device according to the first public key and the second private key;
decrypting the second ciphertext data using the first private key to obtain the second key component.
8. The method according to claim 7, characterized in that, after the second ciphertext data is decrypted using the first private key to obtain the second key component, the method further comprises:
generating acknowledgement information for receipt of the second key component;
sending the acknowledgement information to the first client device.
9. A key migration device, characterized by comprising:
a receiving module, configured to receive a key migration request initiated by a first client device, wherein the identity information of the account logged in on the first client device matches the identity information of the account on a second client device;
a first processing module, configured to respond to the key migration request by generating a second public key and a second private key through a re-encryption system, and to obtain a first public key generated by the first client device, wherein the first client device generates the first public key and a first private key through the re-encryption system;
a second processing module, configured to generate first ciphertext data according to the second public key and a second key component, and to generate a re-encryption key according to the first public key and the second private key;
a sending module, configured to send the first ciphertext data and the re-encryption key to a server, wherein the server is configured to generate second ciphertext data according to the first ciphertext data and the re-encryption key and to send the second ciphertext data to the first client device; the first client device is configured to decrypt the second ciphertext data using the first private key to obtain the second key component.
10. A computer-readable storage medium storing computer instructions, characterized in that the instructions, when executed, implement the steps of the method according to any one of claims 4 to 6.
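Claims 1, 4 and 7 describe one exchange from three vantage points (both clients and the server). The sketch below is an added example, not code from the patent: it walks that exchange with a simplified ElGamal-style proxy re-encryption in which the re-encryption key is built from the second private key and the first public key. The concrete scheme, the RFC 2409 768-bit group and every function name are assumptions, since the claims name no algorithm.

```python
import hashlib, hmac, secrets

# Assumed group: RFC 2409 Oakley Group 1 (768-bit safe prime). Demo-sized only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2          # G generates the subgroup of prime order Q

def _rand():
    return secrets.randbelow(Q - 1) + 1           # scalar in [1, Q-1]

def _kdf(*elems):
    return hashlib.sha512(b"".join(e.to_bytes(96, "big") for e in elems)).digest()

def _scalar(X, shared):
    return int.from_bytes(_kdf(X, shared), "big") % (Q - 1) + 1

def keygen():
    sk = _rand()
    return pow(G, sk, P), sk

def encrypt(pk2, component):
    """Second client: first ciphertext, sealed under the second public key."""
    if len(component) > 32:
        raise ValueError("demo handles components of up to 32 bytes")
    r = _rand()
    k = _kdf(pow(pk2, r, P))                      # k[:32] XOR pad, k[32:] MAC key
    body = bytes(a ^ b for a, b in zip(k[:32], component))
    return pow(G, r, P), body, hmac.new(k[32:], body, hashlib.sha256).digest()

def rekey(sk2, pk1):
    """Second client: re-encryption key from second private key and first public key."""
    x = _rand()
    X = pow(G, x, P)
    d = _scalar(X, pow(pk1, x, P))                # only holders of x or sk1 can derive d
    return sk2 * pow(d, -1, Q) % Q, X

def reencrypt(rk, ct1):
    """Server: preset re-encryption operation; never sees the key component."""
    (k, X), (E, body, tag) = rk, ct1
    return pow(E, k, P), X, body, tag

def decrypt(sk1, ct2):
    """First client: open the second ciphertext with the first private key."""
    E2, X, body, tag = ct2
    d = _scalar(X, pow(X, sk1, P))
    k = _kdf(pow(E2, d, P))
    if not hmac.compare_digest(tag, hmac.new(k[32:], body, hashlib.sha256).digest()):
        raise ValueError("ciphertext does not open under this private key")
    return bytes(a ^ b for a, b in zip(k[:32], body))

def migrate(component):
    pk1, sk1 = keygen()                           # first client (new device)
    pk2, sk2 = keygen()                           # second client, fresh per migration
    ct1, rk = encrypt(pk2, component), rekey(sk2, pk1)
    return decrypt(sk1, reencrypt(rk, ct1))       # server step, then first client
```

In this simplified construction the server and the first client together could recover the second private key, which is tolerable only because the claims have the second client generate that key pair in response to each migration request.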
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910132901.9A CN109903047A (en) | 2019-02-22 | 2019-02-22 | Key migration method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910132901.9A CN109903047A (en) | 2019-02-22 | 2019-02-22 | Key migration method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109903047A (en) | 2019-06-18 |
Family
ID=66945239
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910132901.9A Pending CN109903047A (en) | 2019-02-22 | 2019-02-22 | Key migration method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109903047A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111953484A (en) * | 2020-08-03 | 2020-11-17 | 上海移远通信技术股份有限公司 | Communication method, device and client |
CN112702332A (en) * | 2020-12-21 | 2021-04-23 | 张华� | Chain key exchange method, client, server and system |
CN113542303A (en) * | 2021-08-03 | 2021-10-22 | 上海瓶钵信息科技有限公司 | Software importing system and method of secret key in non-trusted environment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101651543A (en) * | 2009-09-04 | 2010-02-17 | 瑞达信息安全产业股份有限公司 | Creditable calculation platform key migration system and key migration method thereof |
CN104052592A (en) * | 2011-07-21 | 2014-09-17 | 华为技术有限公司 | Secret key backup and transfer method and system based on trusted computing |
US20140270179A1 (en) * | 2011-07-21 | 2014-09-18 | Huawei Technologies Co., Ltd. | Method and system for key generation, backup, and migration based on trusted computing |
CN107404472A (en) * | 2016-05-19 | 2017-11-28 | 恩智浦有限公司 | The migration of Client-initiated encryption key |
CN108155988A (en) * | 2017-12-22 | 2018-06-12 | 浪潮(北京)电子信息产业有限公司 | A kind of moving method, device, equipment and readable storage medium storing program for executing for protecting key |
CN109361704A (en) * | 2018-12-12 | 2019-02-19 | 深圳市网心科技有限公司 | Cloud storage data encryption and transmission method, system, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40009458; Country of ref document: HK |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190618 |