CN110889696A - Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology - Google Patents
- Publication number: CN110889696A
- Authority: CN (China)
- Prior art keywords: key, block chain, secret key, enclave, storing
- Legal status: Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Abstract
The invention discloses a method, a device, equipment and a medium for storing a consortium (alliance) blockchain key based on SGX technology. The method comprises the following steps: generating a key and encrypting it; importing the generated key and the password, through a trusted channel, into the server side where the Enclave (SGX secure area) is located; after a successful import, deleting the corresponding key file and password, storing no information about the key, and storing only the data encapsulated by the Enclave; when the blockchain platform uses the private key, identity authentication is performed first, and after it passes, the encapsulated data is decrypted in the Enclave trusted environment. On a blockchain network, Intel SGX can guarantee code and data security even if an attacker has gained control over the operating system. Using SGX technology to store the key therefore solves the problem of storing the certificate key.
Description
Technical Field
The invention relates to the field of key storage for consortium blockchains, and in particular to a method, a device, equipment and a medium for storing a consortium blockchain key based on SGX technology.
Background
Blockchain technology is a novel decentralized protocol that can securely store digital currency transactions or other data so that the information cannot be forged or tampered with. Transaction confirmation on the blockchain is completed jointly by all nodes on the blockchain, and its consistency is guaranteed by a consensus algorithm. A public ledger is maintained on the blockchain and is visible to any node that stores blocks, so digital currency transactions or other data cannot be forged or tampered with.
SGX (Intel Software Guard Extensions) is an extension of the Intel instruction set architecture for enhancing software security. In short, it is a TEE mechanism provided by Intel CPUs that encapsulates legitimate software in an Enclave (secure area) to protect it.
The private keys of traditional consortium blockchain certificates are stored locally. For example, in the certificate mechanism of Hyperledger Fabric, the private keys corresponding to different certificates are stored in the folders of the corresponding local certificates. If a private key is leaked or stolen, forged certificates can be generated with it, which brings unnecessary trouble. How to store the certificate private key in a sufficiently secure environment for real production use is therefore a serious challenge.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, a device, and a medium for storing a consortium blockchain key based on SGX technology, which solve the problem that a key file stored in an insecure place may be maliciously stolen, thereby ensuring that the private key of a certificate is stored in a secure environment.
In a first aspect, an embodiment of the present invention provides a method for storing a consortium blockchain key based on SGX technology, where the method includes:
S1, key generation: the key generated with the certificate generation tool, or the key obtained from a third party, is encrypted using symmetric encryption;
S2, transmitting to the Enclave and encapsulating the key: before the blockchain platform is run, the generated key and the password must be imported, through a trusted channel, into the server side where the Enclave is located;
S3, clearing the key file and storing the encapsulated file: after a successful import, the blockchain platform deletes the corresponding key file and the corresponding password, stores no information about the key, and stores only the data encapsulated by the Enclave;
S4, using the key: when the blockchain platform uses the private key, identity authentication must be performed first; after the identity authentication passes, the platform decrypts the encapsulated data in the Enclave trusted environment, and the private key is used inside the Enclave trusted environment, so the private key is no longer exposed.
Further, in step S1, the key is preferably a private key.
Further, in step S1, the key is encrypted with AES.
Further, in step S1, the password used in the encryption includes numbers, letters, and special symbols.
Further, in step S2, the key is transmitted to the Enclave over the trusted channel TNC, and the Enclave decrypts the transmitted key and then seals the key data.
Further, in step S2, the step of encapsulating the key includes:
the code in the Enclave obtains a seal key by using the EGETKEY instruction; the seal key is derived by combining the identity and the signature information of the Enclave; the key is encrypted using symmetric encryption; the encrypted private key is sealed with the public key of the seal key and then stored on the hard disk; a return value is obtained after encapsulation and is then stored on the platform.
Further, in step S4, the step of performing identity authentication on the blockchain platform includes:
when the blockchain platform uses the Enclave and the Enclave is to be authenticated, the Enclave executes the EREPORT instruction, generating a REPORT structure from the identity of the Enclave and additional information; a MAC is generated using the REPORT key of the Quoting Enclave; the MAC and the REPORT structure are sent to the QE; the QE verifies the structure, packages it into a QUOTE structure, and signs it with the EPID key it has read; the QUOTE and the signature are sent to the server side for verification; and the server side verifies them using the authentication service provided by Intel and returns a verification message to the blockchain platform.
In a second aspect, an embodiment of the present invention provides a consortium blockchain key storage device based on SGX technology, including:
the key generation module, used for generating a key and encrypting the key;
the transmission and encapsulation module, used for importing the generated key and the password, through a trusted channel, into the server side where the Enclave is located, and for encapsulating the key once it has been imported;
the clearing and encapsulated-storage module, used for deleting the corresponding key file and the corresponding password after a successful import, storing no information about the key, and storing only the data encapsulated by the Enclave;
and the key using module, used for first performing identity authentication and, after the identity authentication passes, decrypting the encapsulated data in the Enclave trusted environment.
In a third aspect, an embodiment of the present invention provides an apparatus, including:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the consortium blockchain key storage method based on SGX technology as described in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the consortium blockchain key storage method based on SGX technology according to the first aspect.
The embodiments of the invention, by adopting at least one of the above technical schemes, can achieve the following beneficial effects:
a blockchain generally stores the certificate key on the blockchain platform or leaves it to the user to store, but if the blockchain is maliciously attacked, the corresponding key may be lost; the SGX-based key storage method solves this problem of storing the certificate key.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of the overall implementation of the method of the present invention;
FIG. 2 is a flow chart of the overall architecture of the method of the present invention.
Detailed Description
The present invention is described in detail below with reference to the accompanying drawings and preferred embodiments, from which its objects and effects will become more apparent. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
The key comprises a public key and a private key. The private key is used for signing and the public key for signature verification; in practice the private key must be kept safe, while the public key is sent to whoever needs to verify signatures.
The first embodiment is as follows:
FIG. 1 is a schematic diagram illustrating the overall implementation of the method for storing a consortium blockchain key based on SGX technology in an embodiment of the present application, and FIG. 2 is a flowchart illustrating the overall architecture of that method. The certificate key in the embodiment of the present application may be a chain certificate key, an organization certificate key, a node certificate key, or an SDK certificate key. The following description uses the private key in the certificate file keystore generated by the Hyperledger Fabric platform as an example to describe the certificate key in detail.
S1: the server side first needs an environment that supports SGX and needs the SGX SDK provided by Intel installed. The cryptogen tool shipped with Hyperledger Fabric is used to generate the certificate file and its private key. Taking the private key under the generated keystore folder as an example, the private key file is encrypted with a symmetric encryption algorithm, such as AES, and the encrypted private key file is stored. The password must meet certain complexity requirements (numbers, letters and special symbols), but need not be very complex, so as to avoid increasing the burden of remembering it.
S2: the Hyperledger Fabric platform requests identity authentication of the Enclave on the server side. After the authentication passes, Hyperledger Fabric transmits the private key file and the AES symmetric key to the Enclave on the server side through the trusted channel TNC. The encrypted private key file is decrypted inside the Enclave using that key, the private key is then encrypted with symmetric encryption inside the Enclave, and the result is sealed with the public key of the seal key.
After the file is transmitted to the Enclave, the Enclave encrypts the decrypted key file with a symmetric encryption algorithm: it generates a symmetric key from a random number inside the Enclave, encrypts the transmitted key file with it, calls EGETKEY to obtain the seal key, encrypts the encrypted data and the symmetric key with the public key of the seal key, and stores the result on disk. While the private key file is not in use, the symmetric key cannot be decrypted or extracted.
S3: after the private key file has been transmitted and encapsulated, the private key plaintext and the encrypted private key file on the Hyperledger Fabric platform are completely deleted, and the Enclave side stores the private key file encapsulated in the Enclave on the Hyperledger Fabric platform.
S4: when the Hyperledger Fabric platform uses the private key, for example to sign a certificate, the platform must first request identity authentication of the Enclave. After the authentication passes, the encapsulated data is decrypted inside the Enclave and the private key is used inside the Enclave, so the plaintext of the private key is not exposed during the process.
When Hyperledger Fabric requests identity authentication of the Enclave, the Enclave executes the EREPORT instruction, generates a REPORT structure from the identity of the Enclave and additional information, and generates a MAC using the REPORT key of the Quoting Enclave (called the QE, one of several built-in enclaves). It then sends the MAC together with the REPORT structure to the QE. The QE verifies the structure, packages it into a QUOTE structure, and signs it with the EPID key it has read. The QUOTE and the signature are sent together to the server for verification, and the server verifies them using the authentication service provided by Intel and returns a verification message to the blockchain platform.
When decrypting the encapsulated data, the EGETKEY instruction is used to obtain the private key of the seal key, the encapsulated data is decrypted, the symmetric key that was encrypted is extracted with that private key, and the encrypted private key is then decrypted to obtain the plaintext of the private key.
It should be noted that the present invention is also applicable to the encrypted storage of any key in the block chain.
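As an added illustration of the seal and unseal steps in S2 and S4 (not code from the patent and not Intel SDK code), the following Python model shows how a seal key derived from the Enclave's identity binds the stored blob to that Enclave and how tampering is detected. It assumes a symmetric seal key, which is what EGETKEY returns, and uses HMAC-SHA256 from the standard library in place of AES; `EnclaveModel`, `DEVICE_ROOT` and every sample value are hypothetical and constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the CPU-fused root secret that EGETKEY mixes in.
DEVICE_ROOT = hashlib.sha256(b"constructed-device-root-secret").digest()
POLICY_MRENCLAVE = b"\x01"  # seal to this exact enclave build
POLICY_MRSIGNER = b"\x02"   # seal to any enclave from the same signer
# Constructed sample standing in for the imported certificate private key.
SAMPLE_PRIVATE_KEY = b"-----BEGIN CONSTRUCTED SAMPLE KEY-----\nnot-a-real-key\n"
HEADER_LEN, TAG_LEN = 1 + 16 + 12, 32


class UnsealError(Exception):
    """Raised when a sealed blob cannot be opened by this enclave."""


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the AES step.
    blocks = (length + 31) // 32
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]


class EnclaveModel:
    """Hypothetical model of an enclave identified by MRENCLAVE/MRSIGNER."""

    def __init__(self, mrenclave, mrsigner):
        self.mrenclave, self.mrsigner = mrenclave, mrsigner

    def _egetkey(self, policy, key_id):
        # Model of EGETKEY: the seal key depends on the device secret, the
        # chosen identity and a random key id, and is never stored.
        identity = self.mrenclave if policy == POLICY_MRENCLAVE else self.mrsigner
        return _prf(DEVICE_ROOT, b"SEAL" + policy + identity + key_id)

    def seal(self, secret, policy=POLICY_MRENCLAVE):
        key_id, nonce = os.urandom(16), os.urandom(12)
        seal_key = self._egetkey(policy, key_id)
        stream = _keystream(_prf(seal_key, b"enc"), nonce, len(secret))
        header = policy + key_id + nonce
        body = bytes(a ^ b for a, b in zip(secret, stream))
        return header + body + _prf(_prf(seal_key, b"mac"), header + body)

    def unseal(self, blob):
        if len(blob) < HEADER_LEN + TAG_LEN:
            raise UnsealError("blob too short")
        header, body, tag = blob[:HEADER_LEN], blob[HEADER_LEN:-TAG_LEN], blob[-TAG_LEN:]
        policy, key_id, nonce = header[:1], header[1:17], header[17:]
        if policy not in (POLICY_MRENCLAVE, POLICY_MRSIGNER):
            raise UnsealError("unknown sealing policy")
        seal_key = self._egetkey(policy, key_id)
        # Verify before decrypting: a wrong identity or a modified blob
        # both surface as a MAC mismatch.
        if not hmac.compare_digest(tag, _prf(_prf(seal_key, b"mac"), header + body)):
            raise UnsealError("MAC mismatch")
        stream = _keystream(_prf(seal_key, b"enc"), nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, stream))


def can_unseal(enclave, blob):
    try:
        enclave.unseal(blob)
        return True
    except UnsealError:
        return False


def demo():
    signer = hashlib.sha256(b"constructed-signer").digest()
    build_1 = EnclaveModel(hashlib.sha256(b"constructed-build-1").digest(), signer)
    build_2 = EnclaveModel(hashlib.sha256(b"constructed-build-2").digest(), signer)
    other = EnclaveModel(hashlib.sha256(b"constructed-other").digest(),
                         hashlib.sha256(b"constructed-other-signer").digest())
    blob = build_1.seal(SAMPLE_PRIVATE_KEY)  # S2: only this blob is kept (S3)
    signer_blob = build_1.seal(SAMPLE_PRIVATE_KEY, POLICY_MRSIGNER)
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return {
        "round_trip": build_1.unseal(blob) == SAMPLE_PRIVATE_KEY,  # S4
        "new_build_mrenclave": can_unseal(build_2, blob),
        "new_build_mrsigner": can_unseal(build_2, signer_blob),
        "other_signer": can_unseal(other, signer_blob),
        "tampered": can_unseal(build_1, tampered),
        "key_visible_in_blob": SAMPLE_PRIVATE_KEY[:16] in blob,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The choice between the two policies decides whether a rebuilt Enclave can still open previously stored keys, which matters when the Enclave code is upgraded after the original key file has been deleted in S3.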
Example two:
The storage device for the consortium blockchain key based on SGX technology provided by this embodiment may be configured in a blockchain node. The storage device can execute the storage method for the consortium blockchain key based on SGX technology provided by the embodiments of the present invention, and has the functional modules and beneficial effects corresponding to that method. The device includes:
the key generation module, used for generating a key and encrypting the key;
the transmission and encapsulation module, used for importing the generated key and the password, through a trusted channel, into the server side where the Enclave is located, and for encapsulating the key once it has been imported;
the clearing and encapsulated-storage module, used for deleting the corresponding key file and the corresponding password after a successful import, storing no information about the key, and storing only the data encapsulated by the Enclave;
and the key using module, used for first performing identity authentication and, after the identity authentication passes, decrypting the encapsulated data in the Enclave trusted environment.
Illustratively, the transmission and encapsulation module includes a key encapsulation unit, in which the code in the Enclave obtains a seal key by using the EGETKEY instruction, where the seal key is derived by combining the identity and the signature information of the Enclave; encrypts the key using symmetric encryption; seals the encrypted private key with the public key of the seal key; stores the sealed private key on the hard disk; obtains a return value after encapsulation; and stores the return value on the platform.
Illustratively, the key using module includes an identity authentication unit. When the Enclave is used and is to be authenticated, the Enclave executes the EREPORT instruction, generates a REPORT structure from the identity of the Enclave and additional information, generates a MAC using the REPORT key of the Quoting Enclave, and sends the MAC and the REPORT structure to the QE. The QE verifies the structure, packages it into a QUOTE structure, and signs it with the EPID key it has read. The QUOTE and the signature are sent together to the server for verification, and the server verifies them using the authentication service provided by Intel and returns a verification message to the blockchain platform.
Example three:
The present embodiment provides a device, the components of which may include but are not limited to: one or more processors or processing units, and a memory. The memory is used for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for storing a consortium blockchain key based on SGX technology according to embodiment one.
The memory is a storage device capable of supporting SGX operations (see the Intel SGX official website for a list of supported devices), and may include at least one program product having a set (e.g., at least one) of program modules configured to perform the functions of embodiments of the present invention.
A program/utility having a set (at least one) of program modules may be stored, for instance, in memory, such program modules including, but not limited to, one or more application programs, other program modules, and program data, each of which examples or some combination may comprise an implementation of a network environment. The program modules generally perform the functions and/or methodologies of the described embodiments of the invention.
The device may also communicate with one or more SGX-configured devices and also with one or more devices that enable a user to interact with the device. Such communication may be through Intel SGX identity authentication.
The processing unit executes various functional applications and data processing by executing programs stored in the memory, for example, implementing a parallel execution method of transaction requests provided by an embodiment of the present invention.
Example four:
The present embodiment also provides a computer-readable storage medium, on which a computer program (also referred to as computer-executable instructions) is stored, where the program, when executed by a processor, performs the consortium blockchain key storage method based on SGX technology described in the first embodiment.
The embodiments of the invention are implemented in C/C++; other languages are not supported. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and although the invention has been described in detail with reference to the foregoing examples, it will be apparent to those skilled in the art that various changes in the form and details of the embodiments may be made and equivalents may be substituted for elements thereof. All modifications, equivalents and the like which come within the spirit and principle of the invention are intended to be included within the scope of the invention.
Claims (10)
1. A consortium blockchain key storage method based on SGX technology, characterized by comprising the following steps:
S1, key generation: generating a key and encrypting the key;
S2, transmitting to the Enclave and encapsulating the key: before the blockchain platform is run, the generated key and the password must be imported, through a trusted channel, into the server side where the Enclave is located;
S3, clearing the key file and storing the encapsulated file: after a successful import, the blockchain platform deletes the corresponding key file and the corresponding password, stores no information about the key, and stores only the data encapsulated by the Enclave;
S4, using the key: when the blockchain platform uses the private key, identity authentication must be performed first, and after the identity authentication passes, the platform decrypts the encapsulated data in the Enclave trusted environment.
2. The SGX technology-based consortium blockchain key storage method of claim 1, wherein in step S1, the key is preferably a private key.
3. The SGX technology-based consortium blockchain key storage method of claim 2, wherein in step S1, the key is encrypted with AES.
4. The SGX technology-based consortium blockchain key storage method of claim 3, wherein in step S1, the password used in encryption includes numbers, letters, and special symbols.
5. The SGX technology-based consortium blockchain key storage method of claim 1, wherein in step S2, the key is transmitted to the Enclave over the trusted channel TNC, and the Enclave decrypts the transmitted key and then seals the key data.
6. The SGX technology-based consortium blockchain key storage method of claim 1, wherein in step S2, the step of encapsulating the key comprises:
the code in the Enclave obtains a seal key by using the EGETKEY instruction; the seal key is derived by combining the identity and the signature information of the Enclave; the key is encrypted using symmetric encryption; the encrypted private key is sealed with the public key of the seal key and then stored on the hard disk; a return value is obtained after encapsulation and is then stored on the platform.
7. The SGX technology-based consortium blockchain key storage method of claim 1, wherein in step S4, the step of performing identity authentication on the blockchain platform includes:
when the blockchain platform uses the Enclave and the Enclave is to be authenticated, the Enclave executes the EREPORT instruction, generating a REPORT structure from the identity of the Enclave and additional information; a MAC is generated using the REPORT key of the Quoting Enclave; the MAC and the REPORT structure are sent to the QE; the QE verifies the structure, packages it into a QUOTE structure, and signs it with the EPID key it has read; the QUOTE and the signature are sent to the server side for verification; and the server side verifies them using the authentication service provided by Intel and returns a verification message to the blockchain platform.
8. A device for storing a consortium blockchain key based on SGX technology, comprising:
the key generation module, used for generating a key and encrypting the key;
the transmission and encapsulation module, used for importing the generated key and the password, through a trusted channel, into the server side where the Enclave is located, and for encapsulating the key once it has been imported;
the clearing and encapsulated-storage module, used for deleting the corresponding key file and the corresponding password after a successful import, storing no information about the key, and storing only the data encapsulated by the Enclave;
and the key using module, used for first performing identity authentication and, after the identity authentication passes, decrypting the encapsulated data in the Enclave trusted environment.
9. An apparatus, comprising:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the consortium blockchain key storage method based on SGX technology as recited in any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the consortium blockchain key storage method based on SGX technology as claimed in any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911181686.8A CN110889696A (en) | 2019-11-27 | 2019-11-27 | Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110889696A | 2020-03-17 |
CN113691530B (en) * | 2021-08-24 | 2023-04-07 | 上海瓶钵信息科技有限公司 | Symmetric key generation management system, method, equipment and medium based on SGX |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110889696A (en) | | Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology |
CN110138799B (en) | | SGX-based secure cloud storage method |
CN109510708B (en) | | Public key password calculation method and system based on Intel SGX mechanism |
US8660266B2 (en) | | Method of delivering direct proof private keys to devices using an on-line service |
CN112737779B (en) | | Cryptographic machine service method, device, cryptographic machine and storage medium |
US10680816B2 (en) | | Method and system for improving the data security during a communication process |
US8495383B2 (en) | | Method for the secure storing of program state data in an electronic device |
US10880100B2 (en) | | Apparatus and method for certificate enrollment |
CN107453880B (en) | | Cloud data secure storage method and system |
CN103378971A (en) | | Data encryption system and method |
EP3292654B1 (en) | | A security approach for storing credentials for offline use and copy-protected vault content in devices |
US11783091B2 (en) | | Executing entity-specific cryptographic code in a cryptographic coprocessor |
CN117081736A (en) | | Key distribution method, key distribution device, communication method, and communication device |
CN113645235A (en) | | Distributed data encryption and decryption system and encryption and decryption method |
US20230153445A1 (en) | | Enhanced security systems and methods using a hybrid security solution |
Hussien et al. | | Scheme for ensuring data security on cloud data storage in a semi-trusted third party auditor |
CN114785527B (en) | | Data transmission method, device, equipment and storage medium |
KR20140071775A (en) | | Cryptography key management system and method thereof |
KR101929355B1 (en) | | Encryption and decryption system using unique serial number and symmetric cryptography |
CN101834852A (en) | | Realization method of credible OpenSSH for protecting platform information |
CN114285557A (en) | | Communication encryption method, system and device |
US20210111901A1 (en) | | Executing entity-specific cryptographic code in a trusted execution environment |
Bouamama et al. | | Cloud Key Management using Trusted Execution Environment. |
JP7385025B2 (en) | | Execution of Entity-Specific Cryptographic Code in a Cryptographic Coprocessor |
JP2013179453A (en) | | Computer system and computing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200317 |