CN110166229A - Trustship method, application system and cipher key center system for sensitive information

Publication number
CN110166229A
Authority
CN
China
Prior art keywords
sensitive information
cipher key
application system
key center
center system
Legal status
Pending
Application number
CN201910293446.0A
Other languages
Chinese (zh)
Inventor
李标
Current Assignee
Beijing Megvii Technology Co Ltd
Original Assignee
Beijing Megvii Technology Co Ltd
Application filed by Beijing Megvii Technology Co Ltd
Priority to CN201910293446.0A
Publication of CN110166229A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a trustship method for sensitive information, an application system, and a cipher key center system. The trustship method includes: the application system registers with the cipher key center system, so that the cipher key center system, based on the registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm; the application system sends the sensitive information to be held in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm; and the application system receives the sign-on ID and the corresponding key from the cipher key center system, so that, when the sensitive information is needed, it obtains the encrypted sensitive information from the cipher key center system based on the sign-on ID and decrypts it based on the key to obtain the sensitive information. The trustship method provided by the invention allows the sensitive information of all kinds of application systems to be managed in a unified way; the application system does not need to store any sensitive data, and the risk of leakage is lower.

Description

Trustship method, application system and cipher key center system for sensitive information
Technical field
The present invention relates to the field of information security technology, and more specifically to a trustship method for sensitive information, an application system, and a cipher key center system.
Background
As enterprise business grows, the number of application system services grows with it. Most application systems depend on sensitive configuration information when they initialize and start, such as account information for accessing various databases, message queues, or Lightweight Directory Access Protocol (LDAP) services. The common practice is to write this information directly, in plain text, into a configuration file local to the application system, or to store it in plaintext on a remote system. Both practices make leakage of the sensitive information quite likely and can easily cause significant losses to the enterprise.
The defects of existing methods mainly include the following: (1) writing an application system's configuration to a local file is not secure enough and carries a risk of leakage; (2) when an application system reads its configuration from a remote location, the configuration is not protected with high-strength encryption, which is also not secure enough and carries a risk of leakage; (3) the various kinds of sensitive configuration information cannot be managed in a unified way on a single platform, so maintenance costs are high; (4) different encryption algorithms cannot be assigned to sensitive information according to security level for use by application systems.
Summary of the invention
The present invention is proposed to solve at least one of the above problems. According to one aspect of the invention, a trustship method for sensitive information is provided, the method comprising: an application system registers with a cipher key center system, so that the cipher key center system, based on the registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm; the application system sends the sensitive information to be held in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm; and the application system receives the sign-on ID and the corresponding key from the cipher key center system, so that, when the sensitive information is needed, it obtains the encrypted sensitive information from the cipher key center system based on the sign-on ID and decrypts it based on the key to obtain the sensitive information.
In one embodiment of the invention, the method further comprises: the application system sends an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor permitted to access.
In one embodiment of the invention, the sensitive information is sensitive configuration information of the application system, and the application system obtains the encrypted sensitive information from the cipher key center system when it initializes and starts.
In one embodiment of the invention, the application system and the cipher key center system are deployed in the same private network.
According to another aspect of the invention, an application system is provided, the application system comprising: a registration module for registering the application system with a cipher key center system, so that the cipher key center system, based on the registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm; a communication module for sending the application system's sensitive information to be held in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm, the communication module also being used to receive the sign-on ID and the corresponding key from the cipher key center system, so that the encrypted sensitive information is obtained from the cipher key center system based on the sign-on ID when the sensitive information is needed; and a decryption module for decrypting, based on the key, the encrypted sensitive information obtained by the communication module to obtain the sensitive information.
According to a further aspect of the invention, an application system is provided, the application system comprising a storage device and a processor, the storage device storing a computer program to be run by the processor, and the computer program, when run by the processor, performing the trustship method for sensitive information described above.
According to another aspect of the invention, a trustship method for sensitive information is provided, the method comprising: a cipher key center system receives the registration information of an application system and, based on the registration information, generates a sign-on ID for the application system and selects an encryption algorithm; the cipher key center system receives the application system's sensitive information to be held in trustship, and encrypts and stores the sensitive information based on the selected encryption algorithm; and the cipher key center system sends the sign-on ID and the corresponding key to the application system, so that the application system, when it needs the sensitive information, obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
In one embodiment of the invention, the method further comprises: the cipher key center system receives an access white list and/or an access blacklist from the application system, so that, on receiving a request that attempts to obtain the encrypted sensitive information, it allows the request only after determining that the visitor is a visitor permitted to access.
In one embodiment of the invention, the application system and the cipher key center system are deployed in the same private network.
According to a further aspect of the invention, a cipher key center system is provided, the cipher key center system comprising: a communication module for receiving the registration information of an application system and the application system's sensitive information to be held in trustship; a generation module for generating a sign-on ID for the application system and selecting an encryption algorithm based on the registration information; and an encryption module for encrypting and storing the sensitive information based on the selected encryption algorithm; the communication module also being used to send the sign-on ID and the corresponding key to the application system, so that the application system, when it needs the sensitive information, obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
According to a further aspect of the invention, a cipher key center system is provided, the cipher key center system comprising a storage device and a processor, the storage device storing a computer program to be run by the processor, and the computer program, when run by the processor, performing the trustship method for sensitive information described in any of the above embodiments.
According to another aspect of the invention, a storage medium is provided, the storage medium storing a computer program which, when run, performs the trustship method for sensitive information described above.
The trustship method, application system and cipher key center system for sensitive information according to embodiments of the invention use the cipher key center system to adaptively encrypt, store and uniformly manage the sensitive information of all kinds of application systems. The application system does not need to store any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system. This reduces the risk of leakage of the application system's sensitive information and reduces the maintenance cost of the sensitive information.
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become more apparent from the more detailed description of embodiments of the invention given in conjunction with the accompanying drawings. The drawings are provided for a further understanding of the embodiments of the invention and form part of the specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings, the same reference numerals generally denote the same components or steps.
Fig. 1 shows a schematic block diagram of an exemplary electronic device for implementing the trustship method for sensitive information, the application system and the cipher key center system according to an embodiment of the present invention;
Fig. 2 shows a schematic flow chart of the trustship method for sensitive information according to an embodiment of the present invention;
Fig. 3 shows the schematic block diagram of the application system for realizing method shown in Fig. 2;
Fig. 4 shows the schematic block diagram of application system according to an embodiment of the present invention;
Fig. 5 shows a schematic flow chart of the trustship method for sensitive information according to another embodiment of the present invention;
Fig. 6 shows the schematic block diagram of the cipher key center system for realizing method shown in Fig. 5;And
Fig. 7 shows the schematic block diagram of the cipher key center system of the embodiment of the present invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the present invention more apparent, example embodiments according to the invention are described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention rather than all of them, and it should be understood that the invention is not limited by the example embodiments described here. All other embodiments obtained by those skilled in the art, based on the embodiments described in the present invention and without creative effort, shall fall within the scope of protection of the invention.
First, an exemplary electronic device 100 for implementing the trustship method for sensitive information, the application system and the cipher key center system of the embodiments of the invention is described with reference to Fig. 1.
As shown in Fig. 1, the electronic device 100 includes one or more processors 102, one or more storage devices 104, an input device 106 and an output device 108, and these components are interconnected by a bus system 110 and/or another form of connection mechanism (not shown). It should be noted that the components and structure of the electronic device 100 shown in Fig. 1 are illustrative and not restrictive; as needed, the electronic device need not include all of the above components, and it may also have other components and structures.
The processor 102 may be a central processing unit (CPU) or another form of processing unit with data-processing capability and/or instruction-execution capability, and may control other components in the electronic device 100 to perform desired functions.
The storage device 104 may include one or more computer program products, and the computer program product may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory. The non-volatile memory may include, for example, read-only memory (ROM), a hard disk, flash memory, and so on. One or more computer program instructions may be stored on the computer-readable storage medium, and the processor 102 may run the program instructions to implement the functions of the application system / cipher key center system in the embodiments of the invention described below (as implemented by the processor) and/or other desired functions. Various application programs and various data, such as data used and/or generated by the application programs, may also be stored in the computer-readable storage medium.
The input device 106 may be a device used by a user to input instructions, and may include one or more of a keyboard, a mouse, a microphone, a touch screen, and the like.
The output device 108 may output various information (such as images or sound) to the outside (for example to a user), and may include one or more of a display, a loudspeaker, and the like.
By way of example, the exemplary electronic device for implementing the trustship method for sensitive information, the application system, the cipher key center system and the computer-readable medium according to embodiments of the invention may be implemented as, for example, a smartphone, a tablet computer, a server, and so on.
The trustship method for sensitive information provided by the present invention involves an application system and a cipher key center system. Below, the trustship method 200 for sensitive information according to an embodiment of the invention is first described with reference to Fig. 2; method 200 is the trustship method described from the perspective of the application system. The trustship method 500 for sensitive information according to another embodiment of the invention will be described later in conjunction with Fig. 5; method 500 is the trustship method described from the perspective of the cipher key center system.
As shown in Fig. 2, the trustship method 200 for sensitive information may include the following steps:
In step S210, the application system registers with the cipher key center system, so that the cipher key center system, based on the registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm.
In step S220, the application system sends the sensitive information to be held in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm.
In step S230, the application system receives the sign-on ID and the corresponding key from the cipher key center system, so that, when the sensitive information is needed, it obtains the encrypted sensitive information from the cipher key center system based on the sign-on ID and decrypts it based on the key to obtain the sensitive information.
In an embodiment of the present invention, the application system may be any application service system, such as a face recognition system. Most application systems need sensitive information, for example sensitive configuration information on which the application system relies when it initializes and starts (such as for various databases, message queues, LDAP, and so on), or sensitive information that the application system needs while it is running. In an embodiment of the invention, the application system need not store this sensitive information locally; instead, the information can be encrypted and stored in the cipher key center system (a system that can adaptively encrypt and store the sensitive information of all kinds of application systems) and obtained from the cipher key center system when it is needed. Because the sensitive information is encrypted both when it is stored in the cipher key center system and when it is sent back to the application system, the risk of leakage of the application system's sensitive information is greatly reduced.
In an embodiment of the present invention, the application system first needs to register with the cipher key center system. Based on this registration, the cipher key center system can generate a sign-on ID (APP ID) specific to the application system, which serves as the basis on which the application system later obtains, from the cipher key center system, the sensitive information it previously uploaded there. In addition, based on the registration information of the application system, the cipher key center system can generate an encryption algorithm suited to the application system, or select one suited to the application system from the encryption algorithms it already holds (applying different encryption controls to different application systems based on security level), in order to encrypt and store the sensitive information to be held in trustship that comes from the application system. Further, the cipher key center system can send the type of the encryption algorithm and the corresponding key (for example the key of a symmetric encryption algorithm, or the private key of an asymmetric encryption algorithm) to the application system together with the generated sign-on ID specific to that application system. In this way, when the application system needs the sensitive information (for example when it initializes and starts), it can send the cipher key center system a request for the sensitive information based on the sign-on ID, and the cipher key center system can use the sign-on ID to find the corresponding encrypted sensitive information and send it to the application system. The application system can then use the key it previously obtained from the cipher key center system to decrypt the encrypted sensitive information and obtain the sensitive information it needs to use.
In a further embodiment of the invention, the above method 200 may also include (not shown in Fig. 2): the application system sends an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor permitted to access.
In this embodiment, the application system can set access security permissions by sending the cipher key center system the list of visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information it uploaded (i.e. an access white list and/or an access blacklist, such as an IP access white list and/or an IP access blacklist). Based on these access security permissions, the cipher key center system, after receiving a request to access sensitive information, can determine whether the visitor accessing with a given sign-on ID is a permitted accessor (such as a permitted IP address) set by the application system corresponding to that sign-on ID. If the visitor accessing with the sign-on ID is determined to be a visitor permitted to access (for example, in the access white list or not in the access blacklist), the acquisition is allowed, i.e. the encrypted sensitive information corresponding to the sign-on ID is sent to the visitor. Conversely, if the visitor accessing with the sign-on ID is determined not to be a visitor permitted to access (for example, not in the access white list or in the access blacklist), the request is regarded as illegal, and the cipher key center system does not respond or issues a warning. The trustship method in this embodiment additionally applies an access security policy, which further reduces the risk of leakage of the application system's sensitive information.
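The registration, storage and retrieval flow of method 200 and the white list/blacklist check described above, as an added Python example that is not code from the patent. The class and function names, the `security_level` field, the rule that a blacklist entry overrides the white list, and the HMAC-SHA256 counter-mode construction (a standard-library stand-in for a vetted cipher such as AES-GCM) are assumptions; transport and authentication between the two systems are left out because the page does not specify them.

```python
import hashlib
import hmac
import ipaddress
import secrets

KEY_BYTES = {"standard": 16, "high": 32}  # hypothetical security levels -> key size


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a vetted AEAD cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Check the tag before decrypting; ValueError on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyCenter:
    def __init__(self):
        self._apps = {}     # sign-on ID -> per-application record
        self.warnings = []  # (sign-on ID, visitor IP) of every refused request

    def register(self, registration_info):
        level = registration_info.get("security_level", "standard")
        app_id, key = secrets.token_hex(16), secrets.token_bytes(KEY_BYTES[level])
        self._apps[app_id] = {"key": key, "allow": [], "deny": [], "blob": None}
        return app_id, "hmac-sha256-ctr/%d" % (8 * len(key)), key  # ID, algorithm type, key

    def set_access_lists(self, app_id, allow=(), deny=()):
        rec = self._apps[app_id]
        rec["allow"] = [ipaddress.ip_network(n) for n in allow]
        rec["deny"] = [ipaddress.ip_network(n) for n in deny]

    def store(self, app_id, sensitive):
        rec = self._apps[app_id]
        rec["blob"] = seal(rec["key"], sensitive)  # only ciphertext is kept

    def fetch(self, app_id, visitor_ip):
        rec = self._apps.get(app_id)
        if rec is None or rec["blob"] is None or not self._permitted(rec, visitor_ip):
            self.warnings.append((app_id, visitor_ip))  # identical refusal for every cause
            return None
        return rec["blob"]

    @staticmethod
    def _permitted(rec, visitor_ip):
        try:
            ip = ipaddress.ip_address(visitor_ip)
        except ValueError:
            return False
        if any(ip in net for net in rec["deny"]):
            return False  # assumption: a blacklist entry overrides the white list
        return not rec["allow"] or any(ip in net for net in rec["allow"])


class ApplicationSystem:
    def __init__(self, center, ip, registration_info):
        self.center, self.ip = center, ip
        self.app_id, self.algorithm, self.key = center.register(registration_info)

    def entrust(self, sensitive, allow=(), deny=()):
        self.center.set_access_lists(self.app_id, allow, deny)
        self.center.store(self.app_id, sensitive)  # no local copy is kept afterwards

    def load(self):
        blob = self.center.fetch(self.app_id, self.ip)
        if blob is None:
            raise PermissionError("key center refused the request")
        return unseal(self.key, blob)


def demo():
    center = KeyCenter()
    app = ApplicationSystem(center, "10.0.0.5", {"name": "demo-app", "security_level": "high"})
    app.entrust(b"ldap_bind_password=constructed-sample",
                allow=["10.0.0.0/24"], deny=["10.0.0.66"])
    outsider = center.fetch(app.app_id, "192.0.2.10")  # not on the white list
    blocked = center.fetch(app.app_id, "10.0.0.66")    # on the blacklist
    return app.load(), outsider, blocked, list(center.warnings)
```

In this flow the application still holds the sign-on ID and the key, so the file that stores them remains something the deployment has to protect, and the key center holds both the key and the ciphertext for every registered application.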
In a further embodiment of the invention, the application system and the cipher key center system in the above method 200 may be deployed in the same private network. In this way, communication between the application system and the cipher key center system can be more secure and simpler to set up. Of course, this is merely exemplary; the application system and the cipher key center system may also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
In a further embodiment of the invention, the application system in the above method 200 may also select a suitable encryption algorithm itself, according to its own needs, encrypt the sensitive information, and send the encrypted sensitive information to the cipher key center system for storage. Alternatively, the application system may generate a key itself and send it to the cipher key center system, which encrypts the sensitive information based on that key. In this way the application system can decrypt the encrypted sensitive information itself when it obtains it from the cipher key center, without obtaining a key from the cipher key center system.
Based on the above description, the trustship method for sensitive information according to embodiments of the invention uses the cipher key center system to adaptively encrypt, store and uniformly manage the sensitive information of all kinds of application systems. The application system does not need to store any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system. This reduces the risk of leakage of the application system's sensitive information and reduces the maintenance cost of the sensitive information.
The trustship method for sensitive information according to an embodiment of the invention has been described above, by way of example, from the perspective of the application system. The application system for implementing the method shown in Fig. 2 is described below with reference to Fig. 3. Fig. 3 shows a schematic block diagram of the application system 300 for implementing the method shown in Fig. 2.
As shown in Fig. 3, the application system 300 includes a registration module 310, a communication module 320 and a decryption module 330. These modules can respectively perform the steps/functions of the trustship method for sensitive information described above in conjunction with Fig. 2. Only the main functions of each unit of the application system 300 are described below; details already described above are omitted.
The registration module 310 is used to register the application system with the cipher key center system, so that the cipher key center system, based on the registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm. The communication module 320 is used to send the application system's sensitive information to be held in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm. The communication module 320 is also used to receive the sign-on ID and the corresponding key from the cipher key center system, so that the encrypted sensitive information is obtained from the cipher key center system based on the sign-on ID when the sensitive information is needed. The decryption module 330 is used to decrypt, based on the key, the encrypted sensitive information obtained by the communication module to obtain the sensitive information. The registration module 310, the communication module 320 and the decryption module 330 can be implemented by the processor 102 in the electronic device shown in Fig. 1 running program instructions stored in the storage device 104.
In an embodiment of the present invention, the application system 300 may be any application service system, such as a face recognition system. Most application systems need sensitive information, for example sensitive configuration information on which the application system relies when it initializes and starts (such as for various databases, message queues, LDAP, and so on), or sensitive information that the application system needs while it is running. In an embodiment of the invention, the application system 300 need not store this sensitive information locally; instead, the information can be encrypted and stored in the cipher key center system (a system that can adaptively encrypt and store the sensitive information of all kinds of application systems) and obtained from the cipher key center system when it is needed. Because the sensitive information is encrypted both when it is stored in the cipher key center system and when it is sent back to the application system 300, the risk of leakage of the sensitive information of the application system 300 is greatly reduced.
In an embodiment of the present invention, the registration module 310 of the application system 300 first registers the application system 300 with the cipher key center system. Based on this registration, the cipher key center system can generate a sign-on ID (APP ID) specific to the application system 300, which serves as the basis on which the application system 300 later obtains, from the cipher key center system, the sensitive information it previously uploaded there. In addition, based on the registration information of the application system 300, the cipher key center system can generate an encryption algorithm suited to the application system 300, or select one suited to the application system from the encryption algorithms it already holds (applying different encryption controls to different application systems based on security level), in order to encrypt and store the sensitive information to be held in trustship that is sent by the communication module 320 of the application system 300. Further, the communication module 320 of the application system 300 can receive from the cipher key center system the type of the encryption algorithm and the corresponding key (for example the key of a symmetric encryption algorithm, or the private key of an asymmetric encryption algorithm) together with the sign-on ID specific to the application system 300 generated by the cipher key center system, and write the type of the encryption algorithm, the key and the sign-on ID into a system file of the application system 300. In this way, when the application system 300 needs the sensitive information (for example when it initializes and starts), it can use the communication module 320 to send the cipher key center system a request for the sensitive information based on the sign-on ID, and the cipher key center system can use the sign-on ID to find the corresponding encrypted sensitive information and send it to the communication module 320 of the application system 300. The decryption module 330 of the application system can then use the key previously stored in the system file to decrypt the encrypted sensitive information obtained by the communication module 320 and obtain the sensitive information it needs to use.
In a further embodiment of the invention, communication module 320 can also be used to send an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor permitted to access it.
In this embodiment, application system 300 can set an access security permission: through communication module 320 it sends the cipher key center system a list of the visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information it uploaded (that is, an access white list and/or access blacklist, such as an IP access white list and/or IP access blacklist). Based on this access security permission, the cipher key center system can determine, after receiving a sensitive information access request, whether the visitor using a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (such as an IP address that is allowed access). If the visitor using the sign-on ID is determined to be a permitted visitor (such as in the access white list or not in the access blacklist), the acquisition is allowed, that is, the encrypted sensitive information corresponding to the sign-on ID is sent to the visitor. Conversely, if the visitor using the sign-on ID is determined not to be a permitted visitor (such as not in the access white list or in the access blacklist), the request is regarded as an illegal request, and either no response is given or a warning is issued. The trustship method of sensitive information in this embodiment thus adds an access security policy, further reducing the risk of the application system's sensitive information being leaked.
In a further embodiment of the invention, application system 300 and the aforementioned cipher key center system can be deployed in the same private network. In this way, communication between application system 300 and the cipher key center system can be safer and simpler to set up. Of course, this is merely an example: application system 300 and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the application system according to an embodiment of the present invention relies on the cipher key center system to adaptively encrypt, store and centrally manage its sensitive information. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of the application system's sensitive information being leaked and reduces the maintenance cost of the sensitive information.
Fig. 4 shows a schematic block diagram of application system 400 according to an embodiment of the present invention. Application system 400 includes storage device 410 and processor 420.
Storage device 410 stores program code for implementing the corresponding steps of the trustship method 200 of sensitive information according to an embodiment of the present invention. Processor 420 runs the program code stored in storage device 410 to execute the corresponding steps of the trustship method 200 of sensitive information according to an embodiment of the present invention, and to implement the corresponding modules in application system 300 according to an embodiment of the present invention.
In addition, according to an embodiment of the present invention, a computer-readable medium is also provided. Program instructions are stored on the computer-readable medium; when run by a computer or processor, they execute the corresponding steps of the trustship method 200 of sensitive information of the embodiment of the present invention and implement the corresponding modules in application system 300 according to an embodiment of the present invention. The computer-readable medium may include, for example, the memory card of a smart phone, the storage unit of a tablet computer, the hard disk of a personal computer, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disc read-only memory (CD-ROM), USB storage, or any combination of the above storage media. The computer-readable storage medium can be any combination of one or more computer-readable storage media.
The trustship method 500 of sensitive information according to another embodiment of the present invention is described below with reference to Fig. 5. Trustship method 500 describes the trustship of sensitive information from the perspective of the cipher key center system, whereas the trustship method 200 described earlier in conjunction with Fig. 2 describes it from the perspective of the application system.
As shown in Fig. 5, the trustship method 500 of sensitive information may include the following steps:
In step S510, the cipher key center system receives the registration information of the application system and, based on the registration information, generates a sign-on ID for the application system and selects an encryption algorithm.
In step S520, the cipher key center system receives the application system's sensitive information to be placed in trustship, and encrypts and stores the sensitive information based on the selected encryption algorithm.
In step S530, the cipher key center system sends the sign-on ID and the corresponding key to the application system, so that when the application system needs to use the sensitive information, it obtains it from the cipher key center system based on the sign-on ID and decrypts it to recover the sensitive information.
In an embodiment of the present invention, as described previously in conjunction with Fig. 2, the cipher key center system is a system that can adaptively encrypt and save the sensitive information of all kinds of application systems, and the application system can be any application program service system. Most application systems need sensitive information: for example, an application system may rely on some sensitive configuration information at initialization and startup (such as for various databases, message queues, LDAP and so on), or may need some sensitive information while it is running. In an embodiment of the present invention, the application system does not need to store this sensitive information locally. Instead, the sensitive information can be encrypted and stored in the cipher key center system and obtained from the cipher key center system when it is needed. Because the sensitive information is encrypted both when stored in the cipher key center system and when sent back to the application system, the risk of the application system's sensitive information being leaked is greatly reduced.
In an embodiment of the present invention, the application system first needs to register in the cipher key center system. Based on that registration, the cipher key center system can receive the registration information of the application system and generate for the application system a sign-on ID (APP ID) specific to that application system, which the application system later uses as the basis for obtaining from the cipher key center system the sensitive information it previously uploaded there. In addition, based on the registration information of the application system, the cipher key center system can generate an encryption algorithm suited to the application system, or select a suitable one from the encryption algorithms it already stores (that is, different encryption controls are applied to different application systems based on security level), and encrypt and store the application system's sensitive information to be placed in trustship based on the generated or selected encryption algorithm. Further, the cipher key center system can send the type of the encryption algorithm and the corresponding key (such as the key of a symmetric encryption algorithm or the private key of an asymmetric encryption algorithm), together with the generated sign-on ID specific to the application system, to the application system. In this way, when the application system needs to use the sensitive information (such as at initialization and startup), it can initiate a request to the cipher key center system to obtain the sensitive information based on the sign-on ID; the cipher key center system can find the corresponding encrypted sensitive information based on the sign-on ID and send it to the application system. The application system can then use the key it previously obtained from the cipher key center system to decrypt the encrypted sensitive information, and so obtain the sensitive information it needs to use.
In a further embodiment of the invention, the above method 500 can also include (not shown in Fig. 2): the cipher key center system receives an access white list and/or an access blacklist from the application system, so that when it receives a request attempting to obtain the encrypted sensitive information, it allows the acquisition only after determining that the visitor is a visitor permitted to access it.
In this embodiment, the cipher key center system can receive the access security permission set by the application system: from the application system it receives a list of the visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information the application system uploaded (that is, an access white list and/or access blacklist, such as an IP access white list and/or IP access blacklist). Based on this access security permission, the cipher key center system can determine, after receiving a sensitive information access request, whether the visitor using a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (such as an IP address that is allowed access). If the visitor using the sign-on ID is determined to be a permitted visitor (such as in the access white list or not in the access blacklist), the acquisition is allowed, that is, the encrypted sensitive information corresponding to the sign-on ID is sent to the visitor. Conversely, if the visitor using the sign-on ID is determined not to be a permitted visitor (such as not in the access white list or in the access blacklist), the request is regarded as an illegal request, and either no response is given or a warning is issued. The trustship method of sensitive information in this embodiment thus adds an access security policy, further reducing the risk of the application system's sensitive information being leaked.
In a further embodiment of the invention, the application system and the cipher key center system in the above method 500 can be deployed in the same private network. In this way, communication between the application system and the cipher key center system can be safer and simpler to set up. Of course, this is merely an example: the application system and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the trustship method of sensitive information according to an embodiment of the present invention relies on the cipher key center system to adaptively encrypt, store and centrally manage the sensitive information of all kinds of application systems. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of the application system's sensitive information being leaked and reduces the maintenance cost of the sensitive information.
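The exchange that method 500 describes (steps S510 to S530, then the white list/blacklist check on a later request and decryption on the application side) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the algorithm table keyed by a `security_level` field, the rule that the blacklist takes precedence over the white list, and the HMAC-SHA256 stream construction (a standard-library stand-in for whichever algorithm the cipher key center system selects) are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Hypothetical algorithm table: registration "security_level" -> (name, key bytes).
ALGORITHMS = {"standard": ("hmac-sha256-stream-128", 16), "high": ("hmac-sha256-stream-256", 32)}

def _subkey(key, label):
    """Derive separate encryption and MAC keys from the one key sent to the app."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the selected cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Verify the tag before decrypting; raise ValueError on any tampering."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("stored blob failed its integrity check")
    ks = _stream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

class KeyCenter:
    def __init__(self):
        self._apps = {}   # sign-on ID (APP ID) -> record
        self.alerts = []  # (app_id, source_ip) of every rejected request

    def register(self, info):
        """S510: issue an APP ID and select an algorithm from the registration info."""
        app_id = secrets.token_hex(16)
        name, key_len = ALGORITHMS[info.get("security_level", "standard")]
        self._apps[app_id] = {"alg": name, "key_len": key_len, "blob": None,
                              "allow": None, "deny": []}
        return app_id

    def deposit(self, app_id, secret):
        """S520 + S530: encrypt and store, then return algorithm type, key and APP ID."""
        rec = self._apps[app_id]
        key = secrets.token_bytes(rec["key_len"])
        rec["blob"] = seal(key, secret)
        # Sketch keeps only ciphertext; the page does not say if the center retains the key.
        return {"app_id": app_id, "algorithm": rec["alg"], "key": key}

    def set_access_lists(self, app_id, allow=None, deny=()):
        rec = self._apps[app_id]
        rec["allow"] = None if allow is None else [ipaddress.ip_network(n) for n in allow]
        rec["deny"] = [ipaddress.ip_network(n) for n in deny]

    def _permitted(self, rec, source_ip):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False  # unparseable source address is never a permitted visitor
        if any(addr in net for net in rec["deny"]):
            return False  # assumed precedence: blacklist wins over white list
        if rec["allow"] is not None:
            return any(addr in net for net in rec["allow"])
        return True       # no white list configured for this APP ID

    def fetch(self, app_id, source_ip):
        """Return the encrypted blob, or record a warning and return nothing."""
        rec = self._apps.get(app_id)
        if rec is None or rec["blob"] is None or not self._permitted(rec, source_ip):
            self.alerts.append((app_id, source_ip))
            return None
        return rec["blob"]

def load_secret(center, creds, source_ip):
    """Application side at startup: fetch by APP ID, decrypt with the stored key."""
    blob = center.fetch(creds["app_id"], source_ip)
    if blob is None:
        raise PermissionError("key center refused the request")
    return unseal(creds["key"], blob)

def run_demo():
    center = KeyCenter()
    app_id = center.register({"name": "billing", "security_level": "high"})
    creds = center.deposit(app_id, b"db_password=constructed-sample")  # constructed value
    center.set_access_lists(app_id, allow=["10.0.0.0/24"], deny=["10.0.0.66/32"])
    ok = load_secret(center, creds, "10.0.0.5")
    refused = [center.fetch(app_id, ip) is None for ip in ("10.0.0.66", "192.0.2.9")]
    return ok, refused, len(center.alerts), creds["algorithm"]
```

The page's wording "in the white list or not in the blacklist" leaves open what happens when both lists are supplied and disagree; the sketch makes that precedence explicit, which is the decision an implementer has to fix before relying on the lists.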
The trustship method of sensitive information according to an embodiment of the present invention has been described above, by way of example, from the perspective of the cipher key center system. A cipher key center system for implementing the method shown in Fig. 5 is described below with reference to Fig. 6. Fig. 6 shows a schematic block diagram of the cipher key center system 600 for implementing the method shown in Fig. 5.
As shown in Fig. 6, cipher key center system 600 includes communication module 610, generation module 620 and encrypting module 630. These modules can respectively execute the steps/functions of the trustship method 500 of sensitive information described above in conjunction with Fig. 5. Only the main functions of each unit of cipher key center system 600 are described below; details already described above are omitted.
Communication module 610 is used to receive the registration information of the application system and the application system's sensitive information to be placed in trustship. Generation module 620 is used to generate a sign-on ID for the application system and select an encryption algorithm based on the registration information. Encrypting module 630 is used to encrypt and store the sensitive information based on the selected encryption algorithm. Communication module 610 is also used to send the sign-on ID and the corresponding key to the application system, so that when the application system needs to use the sensitive information, it obtains it from the cipher key center system based on the sign-on ID and decrypts it to recover the sensitive information. Communication module 610, generation module 620 and encrypting module 630 can be implemented by processor 102 in the electronic device shown in Fig. 1 running program instructions stored in storage device 104.
In an embodiment of the present invention, cipher key center system 600 is a system that can adaptively encrypt and save the sensitive information of all kinds of application systems, and the application system can be any application program service system. Most application systems need sensitive information: for example, an application system may rely on some sensitive configuration information at initialization and startup (such as for various databases, message queues, LDAP and so on), or may need some sensitive information while it is running. In an embodiment of the present invention, the application system does not need to store this sensitive information locally. Instead, the sensitive information can be encrypted and stored in cipher key center system 600 and obtained from cipher key center system 600 when it is needed. Because the sensitive information is encrypted both when stored in cipher key center system 600 and when sent back to the application system, the risk of the application system's sensitive information being leaked is greatly reduced.
In an embodiment of the present invention, communication module 610 of cipher key center system 600 receives from the application system its registration information and its information to be placed in trustship. Based on the registration information of the application system, generation module 620 of cipher key center system 600 can generate for the application system a sign-on ID (APP ID) specific to that application system, which the application system later uses as the basis for obtaining from cipher key center system 600 the sensitive information it previously uploaded there. In addition, based on the registration information of the application system, generation module 620 of cipher key center system 600 can generate an encryption algorithm suited to the application system, or select a suitable one from the encryption algorithms already stored (different encryption controls are applied to different application systems based on security level). Encrypting module 630 encrypts and stores the application system's sensitive information to be placed in trustship based on the encryption algorithm generated or selected by generation module 620. Further, communication module 610 of cipher key center system 600 can send the type of the encryption algorithm and the corresponding key (such as the key of a symmetric encryption algorithm or the private key of an asymmetric encryption algorithm), together with the sign-on ID that generation module 620 generated specifically for the application system, to the application system. In this way, when the application system needs to use the sensitive information (such as at initialization and startup), it can initiate a request to cipher key center system 600 to obtain the sensitive information based on the sign-on ID; cipher key center system 600 can find the corresponding encrypted sensitive information based on the sign-on ID and send it to the application system. The application system can then use the key it previously obtained from the cipher key center system to decrypt the encrypted sensitive information, and so obtain the sensitive information it needs to use.
In a further embodiment of the invention, cipher key center system 600 can also include a determining module (not shown in Fig. 6), and communication module 610 can also be used to receive an access white list and/or an access blacklist from the application system, so that when a request attempting to obtain the encrypted sensitive information is received, the acquisition is allowed only after the determining module determines that the visitor is a visitor permitted to access it.
In this embodiment, communication module 610 can receive the access security permission set by the application system: from the application system it receives a list of the visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information the application system uploaded (that is, an access white list and/or access blacklist, such as an IP access white list and/or IP access blacklist). Based on this access security permission, after communication module 610 receives a sensitive information access request, the determining module can determine whether the visitor using a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (such as an IP address that is allowed access). If the determining module determines that the visitor using the sign-on ID is a permitted visitor (such as in the access white list or not in the access blacklist), the acquisition is allowed, that is, communication module 610 sends the encrypted sensitive information corresponding to the sign-on ID to the visitor. Conversely, if the determining module determines that the visitor using the sign-on ID is not a permitted visitor (such as not in the access white list or in the access blacklist), the request is regarded as an illegal request, and either no response is given or communication module 610 issues a warning. The trustship method of sensitive information in this embodiment thus adds an access security policy, further reducing the risk of the application system's sensitive information being leaked.
In a further embodiment of the invention, the above application system and cipher key center system 600 can be deployed in the same private network. In this way, communication between the application system and the cipher key center system can be safer and simpler to set up. Of course, this is merely an example: the application system and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the cipher key center system according to an embodiment of the present invention can adaptively encrypt, store and centrally manage the sensitive information of all kinds of application systems. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of the application system's sensitive information being leaked and reduces the maintenance cost of the sensitive information.
Fig. 7 shows a schematic block diagram of cipher key center system 700 according to an embodiment of the present invention. Cipher key center system 700 includes storage device 710 and processor 720.
Storage device 710 stores program code for implementing the corresponding steps of the trustship method 500 of sensitive information according to an embodiment of the present invention. Processor 720 runs the program code stored in storage device 710 to execute the corresponding steps of the trustship method 500 of sensitive information according to an embodiment of the present invention, and to implement the corresponding modules in cipher key center system 600 according to an embodiment of the present invention.
In addition, according to an embodiment of the present invention, a computer-readable medium is also provided. Program instructions are stored on the computer-readable medium; when run by a computer or processor, they execute the corresponding steps of the trustship method 500 of sensitive information of the embodiment of the present invention and implement the corresponding modules in cipher key center system 600 according to an embodiment of the present invention. The computer-readable medium may include, for example, the memory card of a smart phone, the storage unit of a tablet computer, the hard disk of a personal computer, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disc read-only memory (CD-ROM), USB storage, or any combination of the above storage media. The computer-readable storage medium can be any combination of one or more computer-readable storage media.
Although example embodiments have been described here with reference to the drawings, it should be understood that the above example embodiments are merely illustrative and are not intended to limit the scope of the invention to them. Those of ordinary skill in the art can make various changes and modifications to them without departing from the scope and spirit of the present invention. All such changes and modifications are intended to be included within the scope of the present invention as claimed in the appended claims.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the several embodiments provided herein, it should be understood that the disclosed device and method can be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation, such as combining multiple units or components or integrating them into another device, or ignoring or not executing some features.
Numerous specific details are set forth in the description provided here. It should be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this specification.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the description of exemplary embodiments of the invention. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the corresponding claims reflect, the inventive point is that the corresponding technical problem can be solved with fewer than all the features of a single disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that, except where features are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or other suitable processor can be used in practice to implement some or all of the functions of some modules according to an embodiment of the present invention. The present invention can also be implemented as device programs (for example, computer programs and computer program products) for executing part or all of the method described herein. Such a program implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses should not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of multiple such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
The above is merely a specific embodiment of the invention, or an explanation of a specific embodiment, and the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. The scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (12)

1. A trustship method of sensitive information, characterized in that the method includes:
an application system registering in a cipher key center system, so that the cipher key center system generates a sign-on ID for the application system and selects an encryption algorithm based on the registration information of the application system;
the application system sending sensitive information to be placed in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm; and
the application system receiving the sign-on ID and the corresponding key from the cipher key center system, so as to obtain the encrypted sensitive information from the cipher key center system based on the sign-on ID when the sensitive information needs to be used, and to decrypt it based on the key to obtain the sensitive information.
2. The method according to claim 1, characterized in that the method further includes:
the application system sending an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor permitted to access it.
3. The method according to claim 1, characterized in that the sensitive information is sensitive configuration information of the application system, and the application system obtains the encrypted sensitive information from the cipher key center system at initialization and startup.
4. The method according to any one of claims 1-3, characterized in that the application system and the cipher key center system are deployed in the same private network.
5. An application system, characterized in that the application system includes:
a registration module, for registering the application system in a cipher key center system, so that the cipher key center system generates a sign-on ID for the application system and selects an encryption algorithm based on the registration information of the application system;
a communication module, for sending the application system's sensitive information to be placed in trustship to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm;
the communication module being also used to receive the sign-on ID and the corresponding key from the cipher key center system, so as to obtain the encrypted sensitive information from the cipher key center system based on the sign-on ID when the sensitive information needs to be used; and
a deciphering module, for decrypting, based on the key, the encrypted sensitive information obtained by the communication module to obtain the sensitive information.
6. An application system, characterized in that the application system includes a storage device and a processor, the storage device storing a computer program to be run by the processor, and the computer program, when run by the processor, executing the trustship method of sensitive information according to any one of claims 1-4.
7. A trustship method of sensitive information, characterized in that the method comprises:
The cipher key center system receives the registration information of an application system and, based on the registration information, generates a sign-on ID for the application system and selects an encryption algorithm;
The cipher key center system receives the sensitive information of the application system that is to be placed in trustship, and encrypts and stores the sensitive information based on the selected encryption algorithm; and
The cipher key center system sends the sign-on ID and the corresponding key to the application system, so that the application system, when it needs to use the sensitive information, obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
8. The method according to claim 7, characterized in that the method further comprises:
The cipher key center system receives an access whitelist and/or an access blacklist from the application system, so that, on receiving a request attempting to obtain the encrypted sensitive information, it allows the acquisition only after determining that the visitor is a visitor that is allowed access.
9. The method according to claim 7 or 8, characterized in that the application system and the cipher key center system are deployed in the same private network.
10. A cipher key center system, characterized in that the cipher key center system comprises:
A communication module for receiving the registration information of an application system and the sensitive information of the application system that is to be placed in trustship;
A generation module for generating a sign-on ID for the application system and selecting an encryption algorithm based on the registration information;
An encryption module for encrypting and storing the sensitive information based on the selected encryption algorithm; and
The communication module is further used to send the sign-on ID and the corresponding key to the application system, so that the application system, when it needs to use the sensitive information, obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
11. A cipher key center system, characterized in that the cipher key center system comprises a storage device and a processor, the storage device storing a computer program run by the processor, and the computer program, when run by the processor, executes the trustship method of sensitive information according to any one of claims 7-9.
12. A storage medium, characterized in that a computer program is stored on the storage medium, and the computer program, when run, executes the trustship method of sensitive information according to any one of claims 1-4 or 7-9.
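The flow in claims 1, 2, 7 and 8 (register, place in trustship, fetch by sign-on ID with a whitelist/blacklist check, decrypt locally) can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the cipher is a standard-library stand-in for whatever algorithm the key center selects, and the sketch assumes the key center keeps no copy of the key after returning it, which the claims do not specify.

```python
import hashlib, hmac, secrets

# Stand-in for the "selected encryption algorithm": SHAKE-256 keystream plus
# HMAC-SHA256 tag (encrypt-then-MAC), used only because the standard library
# has no AEAD. A deployment would use a vetted AEAD such as AES-GCM.
def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class KeyCenter:
    """Hypothetical cipher key center; all names here are illustrative."""
    def __init__(self):
        self._apps = {}  # sign-on ID -> record

    def register(self, registration_info):
        sign_on_id = secrets.token_hex(16)  # unguessable sign-on ID
        self._apps[sign_on_id] = {"info": registration_info, "alg": "shake256-hmac",
                                  "blob": None, "allow": None, "deny": set()}
        return sign_on_id

    def set_access_lists(self, sign_on_id, whitelist=None, blacklist=()):
        rec = self._apps[sign_on_id]
        rec["allow"] = None if whitelist is None else set(whitelist)
        rec["deny"] = set(blacklist)

    def host(self, sign_on_id, sensitive):
        key = secrets.token_bytes(32)
        self._apps[sign_on_id]["blob"] = seal(key, sensitive)
        return sign_on_id, key  # assumption: the center keeps no copy of the key

    def fetch(self, sign_on_id, visitor):
        rec = self._apps.get(sign_on_id)
        if rec is None or rec["blob"] is None:
            raise KeyError("unknown sign-on ID")
        if visitor in rec["deny"] or (rec["allow"] is not None and visitor not in rec["allow"]):
            raise PermissionError(f"visitor {visitor!r} is not allowed")
        return rec["blob"]
```

With this split, the key center's store holds only ciphertext and the application holds only the key, so the access lists gate who can pair the two.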
CN201910293446.0A 2019-04-12 2019-04-12 Trustship method, application system and the cipher key center system of sensitive information Pending CN110166229A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910293446.0A CN110166229A (en) 2019-04-12 2019-04-12 Trustship method, application system and the cipher key center system of sensitive information

Publications (1)

Publication Number Publication Date
CN110166229A true CN110166229A (en) 2019-08-23

Family

ID=67639226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910293446.0A Pending CN110166229A (en) 2019-04-12 2019-04-12 Trustship method, application system and the cipher key center system of sensitive information

Country Status (1)

Country Link
CN (1) CN110166229A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012160944A (en) * 2011-02-01 2012-08-23 Sony Corp Key information management system, recorder/reproducer, and key information management device
CN103617399A (en) * 2013-11-06 2014-03-05 北京深思数盾科技有限公司 Data file protecting method and device
CN105022966A (en) * 2015-07-21 2015-11-04 郭俊雄 Database data encryption and decryption method and system
CN106330858A (en) * 2015-07-02 2017-01-11 阿里巴巴集团控股有限公司 Method and apparatus for realizing data cloud storage
CN106936588A (en) * 2017-04-13 2017-07-07 北京深思数盾科技股份有限公司 A kind of trustship method, the apparatus and system of hardware controls lock
EP2814199B1 (en) * 2012-02-09 2018-02-28 ZTE Corporation Method and system for downloading file
CN108197485A (en) * 2018-01-29 2018-06-22 世纪龙信息网络有限责任公司 terminal data encryption method and system, terminal data decryption method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190823
