CN109922084A - Key management method, device and electronic equipment - Google Patents

Info

Publication number: CN109922084A
Application number: CN201910287440.2A
Authority: CN (China)
Prior art keywords: key, user terminal, ciphertext, private key, request
Legal status: Granted; currently Active (status as listed by Google Patents, which has not performed a legal analysis)
Other languages: Chinese (zh)
Other versions: CN109922084B (en)
Inventors: 胡坤歌, 袁力, 邸烁, 徐磊
Current assignee: Beijing Alshan Block Chain Alliance Technology Co Ltd
Original assignee / applicant: Beijing Alshan Block Chain Alliance Technology Co Ltd
Priority: CN201910287440.2A
Publication: CN109922084A; application granted and published as CN109922084B
Landscapes

  • Storage Device Security (AREA)

Abstract

This application provides a key management method, device and electronic equipment in the technical field of data management. It addresses the technical problem that a private key kept only on a user terminal is hard to recover once lost, which inconveniences the user's use of the private key. The method comprises: combining the public key of a provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and symmetrically encrypting the private key of the user terminal with the first key to obtain a first ciphertext; combining the public key of a third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and symmetrically encrypting the private key of the user terminal with the second key to obtain a second ciphertext; and sending the first ciphertext to the third-party server and the second ciphertext to the provider server.

Description

Key management method, device and electronic equipment
Technical field
This application relates to the technical field of data management, and more particularly to a key management method, device and electronic equipment.
Background art
A key is a parameter: it is the input to the algorithm that converts plaintext into ciphertext, or ciphertext into plaintext.
Encryption with keys is divided into symmetric-key encryption (symmetric cryptography) and asymmetric-key encryption (asymmetric cryptography). In symmetric-key encryption the sender and the recipient of the information use the same key to encrypt and decrypt the data, that is, the same key is used for both encryption and decryption. In asymmetric-key encryption two keys are needed to encrypt and decrypt the information: a public key and a private key.
At present a user's private key is generally stored on the user terminal and kept by the user. With this way of keeping it, if the private key saved on the user terminal is lost it is hard to recover, which inconveniences the user's use of the private key.
Summary of the invention
In view of this, the purpose of the application is to provide a key management method, device and electronic equipment, to solve the technical problem in the prior art that a private key saved on a user terminal is hard to recover once lost, which inconveniences the user's use of the private key.
In a first aspect, an embodiment of the application provides a key management method, applied to a user terminal, comprising:
combining the public key of a provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and symmetrically encrypting the private key of the user terminal with the first key to obtain a first ciphertext;
combining the public key of a third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and symmetrically encrypting the private key of the user terminal with the second key to obtain a second ciphertext;
sending the first ciphertext to the third-party server, and sending the second ciphertext to the provider server.
With reference to the first aspect, an embodiment of the application provides a first possible implementation of the first aspect, wherein the method further comprises:
if the user terminal receives a private key recovery instruction, sending a first request to the provider server and a second request to the third-party server;
receiving the second ciphertext sent by the provider server in response to the first request;
receiving a third key sent by the third-party server in response to the second request, the third key being generated by combining the private key of the third-party server with the public key of the user terminal by a public key encryption algorithm, and the third key being identical to the second key;
decrypting the second ciphertext with the third key to obtain the private key of the user terminal.
With reference to the first aspect, an embodiment of the application provides a second possible implementation of the first aspect, wherein the method further comprises:
if the user terminal receives a private key recovery instruction, sending a third request to the third-party server and a fourth request to the provider server;
receiving the first ciphertext sent by the third-party server in response to the third request;
receiving a fourth key sent by the provider server in response to the fourth request, the fourth key being generated by combining the private key of the provider server with the public key of the user terminal by a public key encryption algorithm, and the fourth key being identical to the first key;
decrypting the first ciphertext with the fourth key to obtain the private key of the user terminal.
With reference to the first aspect, an embodiment of the application provides a third possible implementation of the first aspect, wherein the first key and the second key are symmetric keys.
In a second aspect, an embodiment of the application also provides a key management apparatus, applied to a user terminal, comprising:
a first generation module, configured to combine the public key of a provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and to symmetrically encrypt the private key of the user terminal with the first key to obtain a first ciphertext;
a second generation module, configured to combine the public key of a third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and to symmetrically encrypt the private key of the user terminal with the second key to obtain a second ciphertext;
a sending module, configured to send the first ciphertext to the third-party server and the second ciphertext to the provider server.
In conjunction with the second aspect, an embodiment of the application provides a first possible implementation of the second aspect, wherein the apparatus further comprises a first acquisition module, specifically configured to:
if the user terminal receives a private key recovery instruction, send a first request to the provider server and a second request to the third-party server;
receive the second ciphertext sent by the provider server in response to the first request;
receive a third key sent by the third-party server in response to the second request, the third key being generated by combining the private key of the third-party server with the public key of the user terminal by a public key encryption algorithm, and the third key being identical to the second key;
decrypt the second ciphertext with the third key to obtain the private key of the user terminal.
In conjunction with the second aspect, an embodiment of the application provides a second possible implementation of the second aspect, wherein the apparatus further comprises a second acquisition module, specifically configured to:
if the user terminal receives a private key recovery instruction, send a third request to the third-party server and a fourth request to the provider server;
receive the first ciphertext sent by the third-party server in response to the third request;
receive a fourth key sent by the provider server in response to the fourth request, the fourth key being generated by combining the private key of the provider server with the public key of the user terminal by a public key encryption algorithm, and the fourth key being identical to the first key;
decrypt the first ciphertext with the fourth key to obtain the private key of the user terminal.
In conjunction with the second aspect, an embodiment of the application provides a third possible implementation of the second aspect, wherein the first key and the second key are symmetric keys.
In a third aspect, an embodiment of the application also provides electronic equipment comprising a memory and a processor, the memory storing a computer program that can run on the processor, and the processor implementing the steps of the method of the first aspect when it executes the computer program.
In a fourth aspect, an embodiment of the application also provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to execute the method of the first aspect.
The technical solution provided by the embodiments of the application has the following beneficial effects. Because the user terminal sends its encrypted private key to both the provider server and the third-party server, where it is kept by both, the private key of the user terminal can still be obtained from the two servers even if the copy saved on the user terminal is lost. Moreover, the user terminal private key sent to the provider server is encrypted, and the key used for that encryption is formed by combining the third-party server's public key with the user terminal's private key, so the provider server cannot obtain the user terminal's private key on its own, without the third-party server. Likewise, the third-party server cannot obtain the user terminal's private key on its own, without the provider server. This protects the security of the user terminal's private key.
Other features and advantages of the application will be set out in the following description and will in part become apparent from it, or be learned by practising the application. The objectives and other advantages of the application are realised and attained by the structure particularly pointed out in the description and the accompanying drawings.
To make the above objectives, features and advantages of the application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the application, or the technical solutions of the prior art, more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a flow chart of the key management method provided by embodiment one of the application;
Fig. 2 shows a flow chart of the key management method provided by embodiment two of the application;
Fig. 3 shows a schematic structural diagram of the key management apparatus provided by embodiment three of the application;
Fig. 4 shows a schematic structural diagram of the electronic equipment provided by embodiment four of the application.
Specific embodiments
The features and exemplary embodiments of the various aspects of the invention are described in detail below. Many specific details are set out in the following description to give a thorough understanding of the invention; it will be apparent to those skilled in the art that the invention can be practised without some of these details. The following description of the embodiments is given only to provide a better understanding of the invention by showing examples of it. The invention is in no way limited to any specific configuration or algorithm set out below, but covers any modification, replacement or improvement of elements, components and algorithms that does not depart from its spirit. Well-known structures and techniques are not shown in the drawings and the following description, to avoid obscuring the invention unnecessarily.
It should be noted that, in the absence of conflict, the embodiments of the application and the features in them may be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
In addition, the terms "comprising" and "having", and any variants of them, used in the description of the invention are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units, but may optionally also include steps or units that are not listed, or other steps or units inherent to such processes, methods, products or devices.
At present a user's private key is generally stored on the user terminal and kept by the user. With this way of keeping it, if the private key saved on the user terminal is lost it is hard to recover, which inconveniences the user's use of the private key. On this basis, the embodiments of the application provide a key management method, device and electronic equipment that solve the technical problem in the prior art that a private key saved on a user terminal is hard to recover once lost, which inconveniences the user's use of the private key.
To aid understanding of this embodiment, the key management method, device and electronic equipment disclosed in the embodiments of the application are first described in detail.
Embodiment one:
The key management method provided by this embodiment is applied to a user terminal and, as shown in Fig. 1, comprises:
S11: combining the public key of the provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and symmetrically encrypting the private key of the user terminal with the first key to obtain a first ciphertext.
In this embodiment the provider server, the user terminal and the third-party server each have a public/private key pair, that is, one public key and one private key. The third-party server may be the server of a third-party credit institution. Preferably, the user terminal first sends its public key to the provider server and to the third-party server.
In this step the user terminal uses a public key encryption algorithm to combine the provider server's public key with the user terminal's private key into a first key (provider server public key + user terminal private key).
It should be noted that public-key cryptography is a class of cryptographic algorithms; well-known examples are the knapsack cryptosystems (long since broken and not suitable for new designs), elliptic curve cryptography (ECC) and the algorithm of the Diffie-Hellman key exchange protocol. In this embodiment the Diffie-Hellman key exchange is used to combine the provider server's public key with the user terminal's private key into the first key.
The user terminal then symmetrically encrypts its private key with the first key (provider server public key + user terminal private key) to obtain the first ciphertext (M1). Specifically, the first key is used as the encryption key and the user terminal's private key is the plaintext to be encrypted; the plaintext is symmetrically encrypted under that key, which gives the first ciphertext (M1).
S12: combining the public key of the third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and symmetrically encrypting the private key of the user terminal with the second key to obtain a second ciphertext.
In this step the user terminal uses a public key encryption algorithm to combine the third-party server's public key with the user terminal's private key into a second key (third-party server public key + user terminal private key).
The user terminal then symmetrically encrypts its private key with the second key (third-party server public key + user terminal private key) to obtain the second ciphertext (M2). Specifically, the second key is used as the encryption key and the user terminal's private key is the plaintext to be encrypted; the plaintext is symmetrically encrypted under that key, which gives the second ciphertext (M2).
S13: sending the first ciphertext to the third-party server, and sending the second ciphertext to the provider server.
In practice the user terminal sends the first ciphertext (M1) to the third-party server for safekeeping, and the second ciphertext (M2) to the provider server for safekeeping.
In the prior art, the keys of a digital wallet application are all kept by the user on the client; once a user's key is lost it cannot be recovered. This substantially increases the risk to the user's assets, so current user key storage schemes have certain shortcomings. If the key were instead stored on the application provider's server, the provider would have absolute control over the user's account, which is clearly not what the user wants.
By storing the user key in encrypted form on both the provider server and the third-party credit institution's server, where it is kept by both, the private key of the user terminal can be recovered from the two servers even if the copy saved on the user terminal is lost. Because the user terminal private key sent to the provider server is encrypted, and the key used for that encryption is formed by combining the third-party server's public key with the user terminal's private key, the provider server cannot obtain the user terminal's private key on its own, without the third-party server. Likewise, the third-party server cannot obtain the user terminal's private key on its own, without the provider server. Neither the provider server nor the third-party server can therefore decrypt the user key by itself, and even if the data of one of them leaks the user key still cannot be decrypted, which protects the security of the user terminal's private key.
Furthermore, the key management method provided by the embodiments of the application can also be used to update the key. After modifying its key, the user terminal encrypts the new user key and sends it to the provider server and the third-party credit institution's server, where it replaces the old user key held by each. Since the new, modified user key is stored in encrypted form on both servers and kept by both, the new private key can be recovered from the two servers even if the copy saved on the user terminal is lost. Because the new user terminal private key sent to the provider server is encrypted, and the key used for that encryption is formed by combining the third-party server's public key with the user terminal's private key, the provider server cannot obtain the new private key on its own, without the third-party server; likewise the third-party server cannot obtain it on its own, without the provider server. Neither side can decrypt the modified user key alone, and even if one side's data leaks the new key still cannot be decrypted, which protects the security of the user terminal's private key.
Embodiment two:
The key management method provided by this embodiment is applied to a user terminal and, as shown in Fig. 2, comprises:
S21: combining the public key of the provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and symmetrically encrypting the private key of the user terminal with the first key to obtain a first ciphertext.
S22: combining the public key of the third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and symmetrically encrypting the private key of the user terminal with the second key to obtain a second ciphertext.
The first key and the second key are symmetric keys.
S23: sending the first ciphertext to the third-party server, and sending the second ciphertext to the provider server.
S24: when the user terminal receives a private key recovery instruction, sending a first request to the provider server and a second request to the third-party server.
The user terminal keeps a copy of the user's private key and reads it directly from local storage when it initiates a transaction, a signature or any other operation that needs the private key. If the user's private key is accidentally lost, a key recovery request can be sent to the provider server and the third-party server.
Specifically, the user terminal requests the second ciphertext (M2) from the provider server and requests a third key from the third-party server. The third key is generated by the third-party server by combining its own private key with the user terminal's public key by a public key encryption algorithm.
S25: receiving the second ciphertext sent by the provider server in response to the first request.
After the provider server has authenticated the user terminal, it sends the second ciphertext (M2) to the user terminal in response to the first request, and the user terminal receives it.
S26: receiving the third key sent by the third-party server in response to the second request, the third key being generated by combining the private key of the third-party server with the public key of the user terminal by a public key encryption algorithm, and the third key being identical to the second key.
The third-party server combines its private key with the user terminal's public key by a public key encryption algorithm to generate the third key (third-party server private key + user terminal public key), and sends the third key to the user terminal in response to the second request. The user terminal receives the third key. The third key is also a symmetric key.
From the Diffie-Hellman key exchange protocol it follows that the third key (third-party server private key + user terminal public key) and the second key (third-party server public key + user terminal private key) are equal. In the Diffie-Hellman key exchange, the key generated by combining party A's public key with party B's private key has the same content as the key generated by combining party B's public key with party A's private key.
For example, call the key generated from A's public key and B's private key the first shared key, and the key generated from B's public key and A's private key the second shared key; the two have identical content. Hence, after A and B have each generated a public/private key pair, published their public keys and obtained an authentic copy of the other's public key, they can each compute the same shared key offline. In this embodiment this shared key (that is, the third key and the second key, which have identical content) is used as the symmetric encryption key with which the private key of the user terminal is symmetrically encrypted.
S27: decrypting the second ciphertext with the third key to obtain the private key of the user terminal.
Because the third key and the second key have identical content, the user terminal can decrypt the second ciphertext with the third key. Specifically, the second ciphertext (M2) was obtained by symmetrically encrypting the user terminal's private key under the second key (third-party server public key + user terminal private key); decrypting it with the third key (third-party server private key + user terminal public key) yields the user's private key.
As another implementation of this embodiment, if the user terminal receives a private key recovery instruction the following steps may be performed instead:
The user terminal sends a third request to the third-party server and a fourth request to the provider server. It then receives the first ciphertext sent by the third-party server in response to the third request, and the fourth key sent by the provider server in response to the fourth request, where the fourth key is generated by combining the provider server's private key with the user terminal's public key by a public key encryption algorithm and, by the same reasoning, is identical to the first key. Finally the user terminal decrypts the first ciphertext with the fourth key and obtains its private key.
In this embodiment the key can also be modified and updated using steps S21 to S23, specifically:
The provider first authenticates the user terminal. The user terminal uploads its new public key to the provider server, which replaces the old public key of the user terminal stored there. The old public key of the user terminal stored on the third-party server is replaced with the new public key in the same way.
The user terminal combines the provider server's public key with the user terminal's new private key by a public key encryption algorithm to generate a fifth key, and symmetrically encrypts the new private key with the fifth key to obtain a third ciphertext.
The user terminal combines the third-party server's public key with the user terminal's new private key by a public key encryption algorithm to generate a sixth key, and symmetrically encrypts the new private key with the sixth key to obtain a fourth ciphertext.
Finally, the user terminal sends the third ciphertext to the third-party server to replace the old first ciphertext, and sends the fourth ciphertext to the provider server to replace the old second ciphertext, which completes the key update.
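The following is an added example, not code from the patent or its applicant, that runs the whole scheme of embodiments one and two end to end: the backup of steps S11 to S13, recovery through either server pairing (second ciphertext plus third key, or first ciphertext plus fourth key), the key update of embodiment two (re-running the backup with a new key pair), and the split-knowledge property that neither server can decrypt the ciphertext it stores. It assumes X25519 for the patent's Diffie-Hellman "public key encryption algorithm" and, so that it runs on the Python standard library alone, uses an encrypt-then-MAC stand-in built from HMAC-SHA256 in place of a real AEAD; a deployment would use AES-GCM or ChaCha20-Poly1305. Two things the patent leaves implicit are made explicit: the DH output is passed through a KDF before use as a cipher key, and the wrapped key is authenticated, so decrypting with the wrong server's key fails rather than yielding garbage. User authentication by the servers and the confidential channel over which the third or fourth key travels are outside the example.

```python
"""Added example (not from CN109922084A): two-server escrow of a user private
key with split-knowledge recovery. Assumptions: X25519 stands in for the
patent's Diffie-Hellman step; seal/open_ are an HMAC-SHA256 encrypt-then-MAC
stand-in for a real AEAD so the file needs only the standard library."""
import hashlib
import hmac
import os

P = 2**255 - 19                        # Curve25519 field prime
A24 = 121665                           # (A - 2) / 4 for Curve25519
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: u-coordinate of clamp(scalar) * point(u)."""
    k = int.from_bytes(bytes([scalar[0] & 248]) + scalar[1:31]
                       + bytes([(scalar[31] & 127) | 64]), "little")
    x1 = int.from_bytes(u[:31] + bytes([u[31] & 127]), "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keygen():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE_POINT)


def _kdf(secret: bytes, label: bytes) -> bytes:
    # HKDF-style extract: raw DH output is never used directly as a cipher key.
    return hmac.new(b"CN109922084A-escrow", secret + label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD: nonce || ciphertext || tag."""
    enc_key, mac_key, nonce = _kdf(key, b"enc"), _kdf(key, b"mac"), os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _kdf(key, b"enc"), _kdf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """Provider or third-party server: own key pair, user public key on file,
    and whichever ciphertext the user deposited with it."""
    def __init__(self, name: bytes):
        self.name, (self.priv, self.pub) = name, keygen()
        self.user_pub = self.ciphertext = None

    def recovery_key(self) -> bytes:
        # Third/fourth key: DH(own private, user public) == user's DH(user private, own public).
        return _kdf(x25519(self.priv, self.user_pub), self.name)


def backup(user_priv: bytes, user_pub: bytes, provider: Server, third_party: Server) -> None:
    """S11-S13 (re-run with a new pair for the key update): wrap the private key
    under each server's DH key and deposit each ciphertext with the other server."""
    provider.user_pub = third_party.user_pub = user_pub
    first_key = _kdf(x25519(user_priv, provider.pub), provider.name)
    second_key = _kdf(x25519(user_priv, third_party.pub), third_party.name)
    third_party.ciphertext = seal(first_key, user_priv)    # M1 -> third-party server
    provider.ciphertext = seal(second_key, user_priv)      # M2 -> provider server


def recover(ciphertext_holder: Server, key_holder: Server) -> bytes:
    """S24-S27: ciphertext from one server, matching DH key from the other.
    Either pairing works; both servers must authenticate the user first (not shown)."""
    return open_(key_holder.recovery_key(), ciphertext_holder.ciphertext)


def single_server_can_decrypt(server: Server) -> bool:
    """Split-knowledge check: a server's own DH key must not open the ciphertext it stores."""
    try:
        open_(server.recovery_key(), server.ciphertext)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    user_priv, user_pub = keygen()
    provider, third_party = Server(b"provider"), Server(b"third-party")
    backup(user_priv, user_pub, provider, third_party)
    assert recover(provider, third_party) == recover(third_party, provider) == user_priv
    assert not single_server_can_decrypt(provider) and not single_server_can_decrypt(third_party)
    print("recovered through either pairing; neither server can decrypt alone")
```

The server name is mixed into the KDF label so that the first key and the second key differ even though both are derived from the same user private key; without that binding, a leaked ciphertext from one server could be attacked with the other server's recovery key if the two servers ever shared a key pair. Running `backup` again with a fresh key pair is the key update: it overwrites the public key on file and both ciphertexts, after which only the new private key can be recovered.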
Embodiment three:
A kind of key management apparatus provided by the embodiments of the present application is applied to user terminal, as shown in figure 3, key management fills Setting 3 includes: the first generation module 31, the second generation module 32 and sending module 33.
First generation module is used to pass through public key encryption algorithm for the private of the public key of provider server and user terminal Key is combined, and generates first key, and carry out symmetric cryptography using private key of the first key to user terminal, it is close to obtain first Text.
The second generation module combines the public key of the third-party server with the private key of the user terminal by a public key encryption algorithm to generate a second key, and symmetrically encrypts the private key of the user terminal with the second key to obtain a second ciphertext. The first key and the second key are symmetric keys.
In a preferred implementation of this embodiment, the sending module sends the first ciphertext to the third-party server and the second ciphertext to the provider server.
The key management apparatus further includes a first acquisition module, which is specifically configured to: if the user terminal receives a private key retrieval instruction, send a first request to the provider server and a second request to the third-party server; receive the second ciphertext that the provider server sends in response to the first request; receive the third key that the third-party server sends in response to the second request, where the third key is generated by combining the private key of the third-party server with the public key of the user terminal by the public key encryption algorithm and is identical to the second key; and decrypt the second ciphertext with the third key to obtain the private key of the user terminal.
The key management apparatus further includes a second acquisition module, which is specifically configured to: if the user terminal receives a private key retrieval instruction, send a third request to the third-party server and a fourth request to the provider server; receive the first ciphertext that the third-party server sends in response to the third request; receive the fourth key that the provider server sends in response to the fourth request, where the fourth key is generated by combining the private key of the provider server with the public key of the user terminal by the public key encryption algorithm and is identical to the first key; and decrypt the first ciphertext with the fourth key to obtain the private key of the user terminal.
The key management apparatus provided by the embodiments of this application has the same technical features as the key management method provided by the above embodiment, so it solves the same technical problem and achieves the same technical effect.
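The escrow and retrieval procedure performed by the two generation modules and the two acquisition modules above (claims 1 to 3 below state the same steps), as an added example that is not part of the patent and not the applicant's code. The patent names neither the public key algorithm used to "combine" a private key with a public key nor the symmetric cipher, so the example assumes X25519 key agreement hashed with HMAC-SHA256 under a fixed label for the combination and AES-256-GCM for the symmetric encryption, using only the Go standard library. The party names, the label string and every function name are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is the user terminal, the provider server or the third-party server. X25519 is an
// assumption: the patent names neither the public key algorithm nor the symmetric cipher.
type Party struct{ Priv *ecdh.PrivateKey }

func NewParty() *Party {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // entropy failure: there is no safe fallback
	}
	return &Party{Priv: priv}
}

// combine is the patent's "combine a private key with a public key": an X25519 shared secret
// fed to HMAC-SHA256 under a hypothetical fixed label. Diffie-Hellman is symmetric, so
// combine(a, B) == combine(b, A): the third key equals the second, the fourth equals the first.
func combine(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) ([]byte, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("private-key-escrow v1"))
	return mac.Sum(nil), nil
}

// newGCM is the symmetric step: AES-256-GCM, so a wrong key or a tampered ciphertext fails
// to open instead of yielding garbage that could be mistaken for a private key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Escrow is the output of claim 1: the same private key sealed under two different keys.
type Escrow struct {
	FirstCiphertext  []byte // under K1 = combine(userPriv, providerPub); sent to the third party
	SecondCiphertext []byte // under K2 = combine(userPriv, thirdPartyPub); sent to the provider
}

func (u *Party) MakeEscrow(providerPub, thirdPartyPub *ecdh.PublicKey) (*Escrow, error) {
	var ct [2][]byte
	for i, peer := range []*ecdh.PublicKey{providerPub, thirdPartyPub} {
		k, err := combine(u.Priv, peer)
		if err != nil {
			return nil, err
		}
		gcm, err := newGCM(k)
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		ct[i] = gcm.Seal(nonce, nonce, u.Priv.Bytes(), nil) // fresh nonce prefixed to the ciphertext
	}
	return &Escrow{FirstCiphertext: ct[0], SecondCiphertext: ct[1]}, nil
}

// RecoveryKey is a server's reply to the second or fourth request (claims 2 and 3); it never needs the user's private key.
func (s *Party) RecoveryKey(userPub *ecdh.PublicKey) ([]byte, error) { return combine(s.Priv, userPub) }

// Recover is the user's last step: the ciphertext came from one server, the key from the other.
func Recover(ciphertext, recoveryKey []byte) (*ecdh.PrivateKey, error) {
	gcm, err := newGCM(recoveryKey)
	if err != nil || len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("bad key or ciphertext too short")
	}
	raw, err := gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPrivateKey(raw)
}

func main() {
	user, provider, thirdParty := NewParty(), NewParty(), NewParty()
	esc, _ := user.MakeEscrow(provider.Priv.PublicKey(), thirdParty.Priv.PublicKey())
	k3, _ := thirdParty.RecoveryKey(user.Priv.PublicKey()) // third key == second key
	got, err := Recover(esc.SecondCiphertext, k3)
	fmt.Println("claim 2 recovered:", err == nil && got.Equal(user.Priv))
	k4, _ := provider.RecoveryKey(user.Priv.PublicKey()) // fourth key == first key
	_, err = Recover(esc.SecondCiphertext, k4)           // provider alone: wrong key for what it stores
	fmt.Println("provider alone fails:", err != nil)
}
```

What the example makes visible: the provider stores the second ciphertext but can only derive the first key, and the third party can derive the second key but never holds the second ciphertext, so a single server cannot reconstruct the user's private key. The guarantee is only against one server acting alone: both servers together hold everything needed, and the retrieval key that a server returns to the user terminal is as sensitive as the private key itself, so that reply must travel over an authenticated, confidential channel to a terminal whose identity has been checked.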
Embodiment four:
The embodiments of this application provide an electronic device. As shown in Fig. 4, the electronic device 4 includes a memory 41 and a processor 42. The memory stores a computer program that can run on the processor, and when the processor executes the computer program it carries out the steps of the method provided by embodiment one or embodiment two above.
Referring to Fig. 4, the electronic device further includes a bus 43 and a communication interface 44. The processor 42, the communication interface 44 and the memory 41 are connected by the bus 43. The processor 42 executes the executable modules stored in the memory 41, such as the computer program.
The memory 41 may include high-speed random access memory (RAM) and may further include non-volatile memory, for example at least one disk storage. The communication connection between this system network element and at least one other network element is realised through at least one communication interface 44 (wired or wireless), which may use the Internet, a wide area network, a local network, a metropolitan area network, and so on.
The bus 43 may be an ISA bus, a PCI bus, an EISA bus, and so on. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration only one double-headed arrow is drawn in Fig. 4, but this does not mean that there is only one bus or only one type of bus.
The memory 41 stores the program, and the processor 42 executes the program after receiving an execution instruction. The method performed by the flow-defined apparatus disclosed in any of the foregoing embodiments of this application may be applied in, or implemented by, the processor 42.
The processor 42 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by integrated logic circuits of hardware in the processor 42 or by instructions in software form. The processor 42 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute each method, step and logic diagram disclosed in the embodiments of this application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of this application may be embodied directly as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium mature in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 41; the processor 42 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
Embodiment five:
The embodiments of this application provide a computer-readable medium having non-volatile program code executable by a processor; the program code causes the processor to execute the method provided by embodiment one or embodiment two above.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of this application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the system and apparatus described above may refer to the corresponding process in the foregoing method embodiment and is not repeated here.
In all examples illustrated and described here, any specific value should be construed as merely illustrative and not as a limitation; other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The flowcharts and block diagrams in the drawings show the architecture, functions and operations that may be implemented by systems, methods and computer program products according to multiple embodiments of this application. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified function or action, or by a combination of dedicated hardware and computer instructions.
The computer-readable medium having non-volatile program code executable by a processor provided by the embodiments of this application has the same technical features as the key management method, apparatus and electronic device provided by the above embodiments, so it also solves the same technical problem and achieves the same technical effect.
In addition, the terms "first", "second" and "third" are used for descriptive purposes only and should not be understood as indicating or implying relative importance.
The computer program product for carrying out the key management method provided by the embodiments of this application includes a computer-readable storage medium storing non-volatile program code executable by a processor; the instructions included in the program code can be used to execute the method described in the foregoing method embodiments. For the specific implementation, see the method embodiments; it is not repeated here.
In the several embodiments provided by this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. The apparatus embodiments described above are merely exemplary. For example, the division of the units is only a logical function division, and there may be another division manner in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of this application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the function is realised in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the method described in each embodiment of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
Finally, it should be noted that the embodiments described above are only specific embodiments of this application, used to illustrate the technical solution of this application and not to limit it; the protection scope of this application is not limited thereto. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed by this application, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes, or replace some of the technical features with equivalents; such modifications, changes or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of this application, and shall all be covered within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (10)

1. A key management method, applied to a user terminal, characterised in that it comprises:
combining the public key of a provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and symmetrically encrypting the private key of the user terminal with the first key to obtain a first ciphertext;
combining the public key of a third-party server with the private key of the user terminal by the public key encryption algorithm to generate a second key, and symmetrically encrypting the private key of the user terminal with the second key to obtain a second ciphertext;
sending the first ciphertext to the third-party server, and sending the second ciphertext to the provider server.
2. The method according to claim 1, characterised in that the method further comprises:
if the user terminal receives a private key retrieval instruction, sending a first request to the provider server and a second request to the third-party server;
receiving the second ciphertext sent by the provider server in response to the first request;
receiving a third key sent by the third-party server in response to the second request, the third key being generated by combining the private key of the third-party server with the public key of the user terminal by the public key encryption algorithm, and the third key being identical to the second key;
decrypting the second ciphertext with the third key to obtain the private key of the user terminal.
3. The method according to claim 1 or 2, characterised in that the method further comprises:
if the user terminal receives a private key retrieval instruction, sending a third request to the third-party server and a fourth request to the provider server;
receiving the first ciphertext sent by the third-party server in response to the third request;
receiving a fourth key sent by the provider server in response to the fourth request, the fourth key being generated by combining the private key of the provider server with the public key of the user terminal by the public key encryption algorithm, and the fourth key being identical to the first key;
decrypting the first ciphertext with the fourth key to obtain the private key of the user terminal.
4. The method according to claim 1, characterised in that the first key and the second key are symmetric keys.
5. A key management apparatus, applied to a user terminal, characterised in that it comprises:
a first generation module, configured to combine the public key of a provider server with the private key of the user terminal by a public key encryption algorithm to generate a first key, and to symmetrically encrypt the private key of the user terminal with the first key to obtain a first ciphertext;
a second generation module, configured to combine the public key of a third-party server with the private key of the user terminal by the public key encryption algorithm to generate a second key, and to symmetrically encrypt the private key of the user terminal with the second key to obtain a second ciphertext;
a sending module, configured to send the first ciphertext to the third-party server and the second ciphertext to the provider server.
6. The apparatus according to claim 5, characterised in that the apparatus further comprises a first acquisition module, specifically configured to:
if the user terminal receives a private key retrieval instruction, send a first request to the provider server and a second request to the third-party server;
receive the second ciphertext sent by the provider server in response to the first request;
receive a third key sent by the third-party server in response to the second request, the third key being generated by combining the private key of the third-party server with the public key of the user terminal by the public key encryption algorithm, and the third key being identical to the second key;
decrypt the second ciphertext with the third key to obtain the private key of the user terminal.
7. The apparatus according to claim 5 or 6, characterised in that the apparatus further comprises a second acquisition module, specifically configured to:
if the user terminal receives a private key retrieval instruction, send a third request to the third-party server and a fourth request to the provider server;
receive the first ciphertext sent by the third-party server in response to the third request;
receive a fourth key sent by the provider server in response to the fourth request, the fourth key being generated by combining the private key of the provider server with the public key of the user terminal by the public key encryption algorithm, and the fourth key being identical to the first key;
decrypt the first ciphertext with the fourth key to obtain the private key of the user terminal.
8. The method according to claim 5, characterised in that the first key and the second key are symmetric keys.
9. An electronic device, including a memory and a processor, the memory storing a computer program that can run on the processor, characterised in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 4.
10. A computer-readable medium having non-volatile program code executable by a processor, characterised in that the program code causes the processor to execute the method according to any one of claims 1 to 4.
CN201910287440.2A 2019-04-10 2019-04-10 Key management method and device and electronic equipment Active CN109922084B (en)
Publications (2)

Publication Number Publication Date
CN109922084A true CN109922084A (en) 2019-06-21
CN109922084B CN109922084B (en) 2021-08-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant