CN110955883A - Method, device, equipment and storage medium for generating user key - Google Patents
Method, device, equipment and storage medium for generating user key Download PDFInfo
- Publication number
- CN110955883A CN110955883A CN201911184416.2A CN201911184416A CN110955883A CN 110955883 A CN110955883 A CN 110955883A CN 201911184416 A CN201911184416 A CN 201911184416A CN 110955883 A CN110955883 A CN 110955883A
- Authority
- CN
- China
- Prior art keywords
- key
- server
- user
- registration information
- user registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a method, a device, equipment and a storage medium for generating a user key. Wherein the method is performed by a key parser, the method comprising: responding to a first key generation instruction of a user, and determining a first key of the user according to user registration information in the first key generation instruction and the first key of the server; responding to a second key generation instruction of the user, and sending user registration information in the second key generation instruction to the server for auditing; and receiving an auditing result of the user registration information fed back by the server, and determining a second key of the user according to the second key of the server and the first key of the user if the auditing is passed. The embodiment of the invention determines the user key by adopting the key resolver, and verifies the user registration information by the server, thereby avoiding information leakage caused by overlarge authority of the key resolver.
Description
Technical Field
The embodiment of the invention relates to computer communication and information security technology, in particular to a method, a device, equipment and a storage medium for generating a user key.
Background
With the development of information technology, information security is more and more concerned by people. When people exchange information, in order to avoid information leakage, the information needs to be kept secret by using a private key of a special person.
A technology widely used at present to guarantee the security and integrity of information is called "PKI" (public key Infrastructure), and a trusted authority CA (digital certificate authority) is used to bind a user public key and user identity information. The user public key can also be deduced from the user identity information by using an identity-based cryptosystem, and then a trusted Private key resolver (PKG) generates the user Private key.
Under the PKI system, before a user communicates, the user needs to register a corresponding certificate in advance with a CA, and the CA stores the certificate in a certificate repository, so that the process of requesting to verify the identity of the user becomes complicated. In an identity-based cryptosystem, a private key resolver and a server are integrated, and a system private key of the server is transparent, so that hidden danger is caused to information safety of a user.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for generating a user key, in which a server checks user registration information, and a key parser generates a user key, so that the right of the key parser is restricted, and reliability and security of user key generation are improved.
In a first aspect, an embodiment of the present invention provides a user key generation method, which is performed by a key parser, and the method includes:
responding to a first key generation instruction of a user, and determining a first key of the user according to user registration information in the first key generation instruction and the first key of the server;
responding to a second key generation instruction of the user, and sending user registration information in the second key generation instruction to the server for auditing;
and receiving an auditing result of the user registration information fed back by the server, and determining a second key of the user according to the second key of the server and the first key of the user if the auditing is passed.
Optionally, before determining the first key of the user according to the user registration information in the first key generation instruction and the first key of the server, the method further includes:
determining a second key of the server according to the system parameters of the server, and storing the second key of the server;
and determining a first key of the server according to the second key of the server and the system parameters of the server, and sending the first key of the server to the server.
Optionally, the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text by using a first key of the server;
accordingly, the method further comprises:
and decrypting the user registration information ciphertext by adopting a second secret key of the server to obtain a user registration information original text.
Optionally, the sending the user registration information in the second key generation instruction to the server for auditing includes:
sending the decrypted user registration information original text to a server, comparing the decrypted user registration information original text with candidate registration information stored in the server, and searching whether registration information matched with the user registration information exists or not;
and if so, the user registration information is approved.
Optionally, the determining the second key of the user according to the second key of the server and the first key of the user includes:
determining the second key of the user according to the second key of the server and the first key of the user by the following formula:
SKu=s·PKu
wherein SKuIs the second key of the user, s is the second key of the server, PKuIs the first key of the user.
In a second aspect, an embodiment of the present invention further provides a user key generation apparatus, configured on a key parser, where the apparatus includes:
the first key determining module of the user is used for responding to a first key generating instruction of the user and determining a first key of the user according to the user registration information in the first key generating instruction and the first key of the server;
the user registration information auditing module is used for responding to a second key generation instruction of the user and sending the user registration information in the second key generation instruction to the server for auditing;
and the user second key determining module is used for receiving an auditing result of the user registration information fed back by the server, and determining the second key of the user according to the second key of the server and the first key of the user if the auditing result is passed.
Optionally, the apparatus further comprises:
the server second key determining module is used for determining a second key of the server according to the system parameters of the server and storing the second key of the server;
and the server first key determining module is used for determining the first key of the server according to the second key of the server and the system parameters of the server and sending the first key of the server to the server.
Optionally, the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text by using a first key of the server;
correspondingly, the device further comprises:
and the user registration information decryption module is used for decrypting the user registration information ciphertext by adopting a second secret key of the server to obtain a user registration information original text.
In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the user key generation method according to any embodiment of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the user key generation method according to any of the embodiments of the present invention.
The embodiment of the invention determines the first key of the user by acquiring the registration information of the user and the first key of the server, and determines the second key of the user by the second key of the server and the first key of the user after the server verifies that the registration information of the user is legal. The functions of the server and the key resolver are separated, the problem that the key resolver and the server are integrated to cause overlarge authority of the key resolver is solved, and the reliability and the safety of a user for obtaining the key are improved.
Drawings
Fig. 1 is a schematic flowchart of a user key generation method according to a first embodiment of the present invention;
fig. 2 is a schematic flowchart of a user key generation method in the second embodiment of the present invention;
fig. 3 is a block diagram of a user key generation apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart illustrating a user key generation method according to an embodiment of the present invention, where the present embodiment is applicable to a case of generating a key, and the method may be executed by a user key generation apparatus configured in a key parser. As shown in fig. 1, the method specifically includes the following steps:
The user registers the user on the application terminal, and the user registration information is stored in the server, wherein the user registration information may include a user account and a user password. The key resolver responds to a first key generation instruction sent by a user on the application terminal, acquires user registration information and a first key of the server from the server, and encrypts the user registration information by the first key of the server, wherein the first key of the server can be a system public key of the server.
Optionally, the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text by using a first key of the server; correspondingly, the method further comprises: and decrypting the user registration information ciphertext by adopting a second secret key of the server to obtain a user registration information original text.
Specifically, after obtaining the encrypted user registration information, the key parser calls a second key of the server from a TEE (trusted execution Environment) of the key parser, and decrypts the user registration information ciphertext. The second key of the server may be a system private key of the server, and the TEE of the key resolver may be constituted by a hardware TrustZone. And decrypting the system public key of the server by the system secret key of the server to obtain the original text of the user registration information. The user registration information original text is encrypted, so that the user registration information can be prevented from being leaked in the transmission process, and the security of obtaining the user key is improved.
After obtaining the user registration information text, determining a first key of the user according to the user registration information text and the server system parameter, where the first key of the user may be a personal public key of the user, and the server system parameter may include a hash function. The first key of the user may be calculated by a hash function, for example, the hash function is denoted as H, H may be determined by a q-order addition cycle group, and the q-order addition cycle group is denoted as G, where q is a large prime number. A specific elliptic curve can be selected according to the safety factor k, and then q is selected according to the elliptic curve. For example, give an ampereThe total coefficient is k-256, and the selected elliptic curve is y2=x3+ x, q is a large prime number modulo 4 by 3. According to points on the elliptic curve, G is formed, then a hash function H is selected, and H can map any character string into a certain coordinate in G, namely H: {0,1}*→ G. The first key of the user is denoted as PKu,PKuH (ID), where the ID may represent the user registration information original text.
And step 120, responding to a second key generation instruction of the user, and sending the user registration information in the second key generation instruction to the server for auditing.
The user inputs user registration information on the application terminal and sends a second key generation request, the key resolver responds to a second key generation instruction sent by the user on the application terminal, obtains a user registration information original text in the second key generation instruction, and obtains a first key of the server from the server to encrypt the user registration information original text, so that the safety of information interaction is improved. And the key parser calls a second key of the server from the TEE to decrypt the user registration information ciphertext to obtain a user registration information original text, and the user registration information original text is sent to the server for auditing. In this embodiment, a manner of encrypting the user registration information by using the first key of the server is not particularly limited, and an identity-based encryption scheme, such as the identity-based encryption scheme proposed by Dan Boneh and Matt Franklin, may be adopted.
Optionally, the decrypted original text of the user registration information is sent to a server, and is compared with candidate registration information stored in the server to find whether registration information matched with the user registration information exists or not; and if so, the user registration information is approved.
Specifically, the server receives the decrypted original text of the user registration information, compares the original text of the user registration information with the registered candidate registration information stored in the server, finds whether the candidate registration information has registration information matched with the original text of the user registration information, and determines whether the account of the user is a registered account. If the registration information matched with the user registration information original text exists, the user registration information original text is considered to be legal, and the verification is passed; if the user registration information does not exist, the user registration information original text is considered invalid, and the second key of the user cannot be generated. The method has the advantages that the situation that a user can generate a second key at will is avoided, the reliability and the safety of user key generation are improved, the functions of the key resolver and the server are divided, the normalization of a key generation process is realized, the function use of the key resolver is restrained, and the key safety is enhanced.
And step 130, receiving an audit result of the user registration information fed back by the server, and if the audit result passes, determining the second key of the user according to the second key of the server and the first key of the user.
And if the user registration information is approved, determining a second key of the user in the key analyzer. The calculation may be performed according to the second key of the server and the first key of the user, for example, the calculation formula is as follows:
SKu=s·PKu
wherein SKuThe second key is the user, and can also be the personal private key of the user; s is a second key of the server, and can also be a system private key of the server; PKuThe first key, which is the user, may also be the personal public key of the user. After the user gets the second key of the user, the user can use the second key to complete the operation related to the identity-based cryptosystem.
According to the technical scheme of the embodiment, the first key of the user is determined by acquiring the registration information of the user and the first key of the server. And the key analyzer sends the user registration information to the server for auditing, and after the server audits that the user registration information is legal, the second key of the user is determined through the second key of the server and the first key of the user. The problem of among the prior art, key resolver and server be as an organic whole, lead to key resolver's execution environment untrusted, cause the information to reveal is solved. The functions of the server and the key resolver are separated, the normalization of a user key generation process is realized, the reliability and the safety of a user for obtaining the key are improved, and the information leakage is avoided.
Example two
Fig. 2 is a flowchart illustrating a user key generation method according to a second embodiment of the present invention, which is further optimized based on the second embodiment, and the method can be executed by a user key generation apparatus configured in a key parser. As shown in fig. 2, the method specifically includes the following steps:
and step 210, determining a second key of the server according to the system parameters of the server, and storing the second key of the server.
The key resolver acquires system parameters stored in the server, and can be divided into a trusted execution module and a trusted storage module. The trusted execution module is a module for calculating a key by acquiring user registration information and server system parameters, and the trusted storage module is a trusted execution environment and is used for storing a second key of the server and ensuring the non-transparency of the second key of the server. The system parameters of the server may include a hash function, and may also include generator P in q, q order addition cycle groups G and G, where P is a point on an elliptic curve. The trusted execution module may determine the second key of the server according to the system parameter of the server. For example, a number s may be randomly selected as a second key of the server, that is, a system private key of the server according to the value of q. Can be determined by the formula:
wherein s represents a second secret key of the server and is a random positive integer from 1 to q-1 in the real number R. The second key of the server is stored in a trusted storage module of the key resolver.
And step 220, determining the first key of the server according to the second key of the server and the system parameters of the server, and sending the first key of the server to the server.
And the trusted execution module in the key parser acquires P in the system parameters of the server, and determines a first key of the server according to a second key of the server and the system parameters P. For example, it can be calculated according to the formula:
PK=s·P
where PK is the first key of the server and s is the second key of the server. And the trusted execution module determines a first key of the server and then sends the first key of the server to the server for storage.
And step 250, receiving an audit result of the user registration information fed back by the server, and if the audit result passes, determining a second key of the user according to the second key of the server and the first key of the user.
The embodiment of the invention determines the second secret key of the server by acquiring the system parameters of the server, and further determines the first secret key of the server according to the second secret key of the server, wherein the first secret key of the server is stored in the server, and the second secret key of the server is stored in the secret key analyzer. And generating a first user key and a second user key according to the first server key, the second server key and the user registration information. The server and the key resolver are separated, the information security of the second key of the server is ensured, the random generation of the user key is avoided, and the security and the reliability of the generation of the user key are improved.
EXAMPLE III
Fig. 3 is a block diagram of a user key generation apparatus according to an embodiment of the present invention, configured in a key parser, and capable of executing a user key generation method according to any embodiment of the present invention, where the user key generation apparatus has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 3, the apparatus specifically includes:
a user first key determining module 301, configured to respond to a first key generation instruction of a user, and determine a first key of the user according to user registration information in the first key generation instruction and a first key of a server;
the user registration information auditing module 302 is used for responding to a second key generation instruction of the user and sending the user registration information in the second key generation instruction to the server for auditing;
the user second key determining module 303 is configured to receive an audit result of the user registration information fed back by the server, and determine the second key of the user according to the second key of the server and the first key of the user if the audit result passes.
Optionally, the apparatus further comprises:
the server second key determining module is used for determining a second key of the server according to the system parameters of the server and storing the second key of the server;
and the server first key determining module is used for determining the first key of the server according to the second key of the server and the system parameters of the server and sending the first key of the server to the server.
Optionally, the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text by using a first key of the server;
correspondingly, the device also comprises:
and the user registration information decryption module is used for decrypting the user registration information ciphertext by adopting the second secret key of the server to obtain the user registration information original text.
Optionally, the user registration information auditing module 302 is specifically configured to:
sending the decrypted user registration information original text to a server, comparing the decrypted user registration information original text with candidate registration information stored in the server, and searching whether registration information matched with the user registration information exists or not;
and if so, the user registration information is approved.
Optionally, the user second key determining module 303 is specifically configured to:
determining the second key of the user according to the second key of the server and the first key of the user by the following formula:
SKu=s·PKu
wherein SKuIs the second key of the user, s is the second key of the server, PKuIs the first key of the user.
The embodiment of the invention determines the first key of the user by acquiring the user registration information and the first key of the server. And the key analyzer sends the user registration information to the server for auditing, and after the server audits that the user registration information is legal, the server determines a second key of the user through the second key of the server and the first key of the user. The functions of the server and the key resolver are separated, and the problem that in the prior art, the key resolver and the server are integrated, so that the execution environment of the key resolver is not trusted is solved. The normalization of the user key generation process is realized, the reliability and the safety of the user for obtaining the key are improved, and the information leakage is avoided.
Example four
Fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 400 suitable for use in implementing embodiments of the present invention. The computer device 400 shown in fig. 4 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present invention.
As shown in fig. 4, computer device 400 is in the form of a general purpose computing device. The components of computer device 400 may include, but are not limited to: one or more processors or processing units 401, a system memory 402, and a bus 403 that couples the various system components (including the system memory 402 and the processing unit 401).
The system memory 402 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)404 and/or cache memory 405. The computer device 400 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 406 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 403 by one or more data media interfaces. Memory 402 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 408 having a set (at least one) of program modules 407 may be stored, for example, in memory 402, such program modules 407 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 407 generally perform the functions and/or methods of the described embodiments of the invention.
The computer device 400 may also communicate with one or more external devices 409 (e.g., keyboard, pointing device, display 410, etc.), with one or more devices that enable a user to interact with the computer device 400, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 400 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interface 411. Moreover, computer device 400 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 412. As shown, network adapter 412 communicates with the other modules of computer device 400 over bus 403. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 401 executes various functional applications and data processing by running a program stored in the system memory 402, for example, to implement a user key generation method provided by an embodiment of the present invention, including:
responding to a first key generation instruction of a user, and determining a first key of the user according to user registration information in the first key generation instruction and the first key of the server;
responding to a second key generation instruction of the user, and sending the user registration information in the second key generation instruction to the server for auditing;
and receiving an auditing result of the user registration information fed back by the server, and determining a second key of the user according to the second key of the server and the first key of the user if the auditing is passed.
EXAMPLE five
The fifth embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the storage medium stores a computer program, and when the computer program is executed by a processor, the method for generating a user key according to the fifth embodiment of the present invention is implemented, where the method includes:
responding to a first key generation instruction of a user, and determining a first key of the user according to user registration information in the first key generation instruction and the first key of the server;
responding to a second key generation instruction of the user, and sending the user registration information in the second key generation instruction to the server for auditing;
and receiving an auditing result of the user registration information fed back by the server, and determining a second key of the user according to the second key of the server and the first key of the user if the auditing is passed.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A user key generation method, performed by a key parser, the method comprising:
responding to a first key generation instruction of a user, and determining a first key of the user according to user registration information in the first key generation instruction and the first key of the server;
responding to a second key generation instruction of the user, and sending user registration information in the second key generation instruction to the server for auditing;
and receiving an auditing result of the user registration information fed back by the server, and determining a second key of the user according to the second key of the server and the first key of the user if the auditing is passed.
2. The method of claim 1, before determining the first key of the user according to the user registration information in the first key generation instruction and the first key of the server, further comprising:
determining a second key of the server according to the system parameters of the server, and storing the second key of the server;
and determining a first key of the server according to the second key of the server and the system parameters of the server, and sending the first key of the server to the server.
3. The method according to claim 1, wherein the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text by using a first key of a server;
accordingly, the method further comprises:
and decrypting the user registration information ciphertext by adopting a second secret key of the server to obtain a user registration information original text.
4. The method according to claim 1, wherein the sending the user registration information in the second key generation instruction to the server for auditing comprises:
sending the decrypted user registration information original text to a server, comparing the decrypted user registration information original text with candidate registration information stored in the server, and searching whether registration information matched with the user registration information exists or not;
and if so, the user registration information is approved.
5. The method of claim 1, wherein determining the second key of the user based on the second key of the server and the first key of the user comprises:
determining the second key of the user according to the second key of the server and the first key of the user by the following formula:
SKu=s·PKu
wherein SKuIs the second key of the user, s is the second key of the server, PKuIs the first key of the user.
6. A user key generation apparatus, provided on a key parser, comprising:
the first key determining module of the user is used for responding to a first key generating instruction of the user and determining a first key of the user according to the user registration information in the first key generating instruction and the first key of the server;
the user registration information auditing module is used for responding to a second key generation instruction of the user and sending the user registration information in the second key generation instruction to the server for auditing;
and the user second key determining module is used for receiving an auditing result of the user registration information fed back by the server, and determining the second key of the user according to the second key of the server and the first key of the user if the auditing result is passed.
7. The apparatus of claim 6, further comprising:
the server second key determining module is used for determining a second key of the server according to the system parameters of the server and storing the second key of the server;
and the server first key determining module is used for determining the first key of the server according to the second key of the server and the system parameters of the server and sending the first key of the server to the server.
8. The apparatus according to claim 6, wherein the user registration information is a user registration information ciphertext obtained by encrypting a user registration information original text with a first key of the server;
correspondingly, the device further comprises:
and the user registration information decryption module is used for decrypting the user registration information ciphertext by adopting a second secret key of the server to obtain a user registration information original text.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the user key generation method of any of claims 1-5 when executing the program.
10. A storage medium containing computer-executable instructions for performing the user key generation method of any one of claims 1 to 5 when executed by a computer processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911184416.2A CN110955883B (en) | 2019-11-27 | 2019-11-27 | Method, device, equipment and storage medium for generating user key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911184416.2A CN110955883B (en) | 2019-11-27 | 2019-11-27 | Method, device, equipment and storage medium for generating user key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110955883A true CN110955883A (en) | 2020-04-03 |
| CN110955883B CN110955883B (en) | 2023-06-23 |
Family
ID=69977061
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911184416.2A Active CN110955883B (en) | 2019-11-27 | 2019-11-27 | Method, device, equipment and storage medium for generating user key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110955883B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170034133A1 (en) * | 2015-07-28 | 2017-02-02 | International Business Machines Corporation | User authentication over networks |
| CN109889518A (en) * | 2019-02-18 | 2019-06-14 | 天固信息安全系统(深圳)有限责任公司 | A kind of encryption storage method |
| CN110430051A (en) * | 2019-08-01 | 2019-11-08 | 北京永新视博数字电视技术有限公司 | A kind of method for storing cipher key, device and server |
-
2019
- 2019-11-27 CN CN201911184416.2A patent/CN110955883B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170034133A1 (en) * | 2015-07-28 | 2017-02-02 | International Business Machines Corporation | User authentication over networks |
| CN109889518A (en) * | 2019-02-18 | 2019-06-14 | 天固信息安全系统(深圳)有限责任公司 | A kind of encryption storage method |
| CN110430051A (en) * | 2019-08-01 | 2019-11-08 | 北京永新视博数字电视技术有限公司 | A kind of method for storing cipher key, device and server |
Non-Patent Citations (3)
| Title |
|---|
| 刘芳;孙炎森;鄢楚平;: "同步无线Mesh网络的密钥同步更新机制" * |
| 安迪;杨超;姜奇;马建峰;: "一种新的基于指纹与移动端协助的口令认证方法" * |
| 曹璞,吕丽民: "私钥存储服务安全的研究" * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110955883B (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111082934B (en) | Cross-domain secure multiparty computing method and device based on trusted execution environment | |
| CN110061846B (en) | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| KR101067399B1 (en) | Saving and retrieving data based on symmetric key encryption | |
| KR100996784B1 (en) | Saving and retrieving data based on public key encryption | |
| US20050283826A1 (en) | Systems and methods for performing secure communications between an authorized computing platform and a hardware component | |
| US20110099367A1 (en) | Key certification in one round trip | |
| CN111931158A (en) | Bidirectional authentication method, terminal and server | |
| US10826694B2 (en) | Method for leakage-resilient distributed function evaluation with CPU-enclaves | |
| CN111835774B (en) | Data processing method, device, equipment and storage medium | |
| KR20150045790A (en) | Method and Apparatus for authenticating and managing an application using trusted platform module | |
| US20140059341A1 (en) | Creating and accessing encrypted web based content in hybrid applications | |
| KR20210151016A (en) | Key protection processing method, apparatus, device and storage medium | |
| CN113610526A (en) | Data trust method and device, electronic equipment and storage medium | |
| US11431489B2 (en) | Encryption processing system and encryption processing method | |
| CN115580413B (en) | Zero-trust multi-party data fusion calculation method and device | |
| CN112307515A (en) | Database-based data processing method and device, electronic equipment and medium | |
| US20210248245A1 (en) | Calculation device, calculation method, calculation program and calculation system | |
| CN117220865A (en) | Longitude and latitude encryption method, longitude and latitude verification device and readable storage medium | |
| KR20210103615A (en) | Blockchain-based user authentication model | |
| CN109711178B (en) | Key value pair storage method, device, equipment and storage medium | |
| CN114760052A (en) | Bank Internet of things platform key generation method and device, electronic equipment and medium | |
| US20230418911A1 (en) | Systems and methods for securely processing content | |
| CN114884714B (en) | Task processing method, device, equipment and storage medium | |
| CN114124440B (en) | Secure transmission method, apparatus, computer device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |