CN111277417B - Electronic signature implementation method based on national network security technology architecture - Google Patents
- Publication number: CN111277417B
- Application number: CN202010042103.XA
- Authority: CN (China)
- Prior art keywords: user, private key, key, signature, electric power
- Legal status: Active
Classifications (all under H04L9/00, Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols)
- H04L9/3263: verifying the identity or authority of a user, or message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/3247: verifying the identity or authority of a user, or message authentication, involving digital signatures
- H04L9/3231: verifying the identity or authority of a user using biological data, e.g. fingerprint, voice or retina
- H04L9/3273: verifying the identity or authority of a user using challenge-response for mutual authentication
Abstract
The invention discloses an electronic signature implementation method based on a national network security technology architecture, which comprises the following steps: acquiring user information containing the user identity, applying to an authentication mechanism to verify the user identity according to the user information, and generating a user key pair for the user through a power intranet encryption machine; binding the user information with the private key in the user key pair, and segmenting the private key; submitting the user information to a certification authority through a power extranet signature server, generating a user digital certificate based on the user information, and encrypting and storing the user digital certificate; acquiring a file to be signed uploaded by the user through the power extranet signature server, and, after confirming the identity of the user according to the user digital certificate, calling the segmented private key and obtaining the complete user private key through a synthesis algorithm; and completing the digital signature operation with the complete user private key. Storing the user private key in encrypted segments improves the security and reliability of the electronic signature system and reduces the risk of private key theft.
Description
Technical Field
The invention belongs to the technical field of electronic signature, and particularly relates to an electronic signature implementation method based on a national network security technical architecture.
Background
As the volume and variety of electronically signed documents grow, enterprises' requirements for the compliance and contractual validity of electronic contract signing, for efficient electronic contract management, and for protection of their legal interests are becoming increasingly evident, which places new demands on how electronic documents are signed and managed. Traditional electronic signature technology relies on physical media such as a UKey: the UKey must be invoked to identify the signer at signing time, and if the UKey and its PIN code are lost, misuse of the official seal can easily cause corresponding losses. In recent years, cloud-based digital signature technology has moved away from the physical medium to a certain extent and improved operational efficiency, but the security risks it brings should not be underestimated. The national power grid is particularly important as a large-scale energy and national backbone enterprise, and it has implemented an information security technical architecture that isolates the internal network from the external network, together with corresponding management and control mechanisms.
Based on this, a technology is needed that overcomes the defects of the traditional UKey technology and realizes secure, reliable and efficient electronic signatures based on the national network security technology architecture.
Disclosure of Invention
In order to solve the above problems, the invention provides an electronic signature implementation method based on a national network security technology architecture, which not only removes the physical limitation of the UKey but also improves the security and reliability of cloud electronic signature technology by segmenting the user's private key and storing the segments in isolation.
The technical scheme of the invention comprises the following steps:
acquiring user information containing the user identity, applying to an authentication mechanism to verify the user identity according to the user information, and, after verification, generating a user key pair for the user through the power intranet encryption machine;
binding the user information with the private key in the user key pair through the power intranet encryption machine, segmenting the private key, and storing the segments in the power extranet signature server and the power intranet encryption machine;
submitting the user information to a certification authority through the power extranet signature server, generating a user digital certificate based on the user information, and encrypting and storing the user digital certificate;
acquiring a file to be signed uploaded by the user through the power extranet signature server, authenticating the user, and, after confirming the identity of the user according to the user digital certificate, calling the segmented private key stored in the power extranet signature server and the power intranet encryption machine and obtaining the complete user private key through a synthesis algorithm;
and completing the digital signature operation with the complete user private key and storing the signature value in the power extranet signature server.
Optionally, the entity of the electronic signature system comprises a signing initiator, an actual signer, an electric power intranet encryptor and an electric power external network signature server.
Optionally, the power external network signature server and the power internal network encryption machine communicate through an isolated gateway channel.
Optionally, the electronic signature implementation method further includes: in the electronic signature process, mutual authentication and data transmission can be carried out between different entities, and the signature process is completed together through a determined protocol.
Optionally, the user key includes a local master key, a transmission master key, and a working key;
the local master key is the key of the power intranet encryption machine and is used to encrypt and protect the various keys related to the operation of the encryption machine and the keys of critical data; the transmission master key is a key adopted for transmission security and is used to encrypt and protect the working key; the working key is a key directly associated with the user and is used to cryptographically protect the user data.
Optionally, the local master key is generated by multi-person, segmented manual injection when the power intranet encryption machine completes the setting of its own system parameters.
Optionally, segmenting the private key and storing the segments in the power extranet signature server and the power intranet encryption machine includes:
dividing the private key in the user key pair into two components through an algorithm, and storing the public key of the user key pair and the first private key component in the power extranet signature server;
destroying the private key and the first private key component in the power intranet encryption machine, and retaining only the second private key component and the private key synthesis algorithm.
Optionally, the willingness authentication of the user includes short message authentication and face recognition authentication.
Optionally, calling the segmented private key from the power extranet signature server and the power intranet encryption machine includes:
the electronic signature system calculates the file digest hash value of the file to be signed and generates call authorization codes for the private key;
calling the first private key component from the power extranet signature server according to the first call authorization code among the call authorization codes;
and transmitting the first private key component and the second call authorization code among the call authorization codes to the power intranet encryption machine, and applying to the power intranet encryption machine for synthesis of the complete private key.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides an electronic signature implementation method that stores the user private key in segments on the basis of the security technical architecture of the national network. The complete user private key is synthesized only when the user performs an electronic signature, and the private key components are kept in isolated, encrypted storage when not in use, which greatly improves the security of the user private key and of the electronic signature and reduces the risk of private key theft. In addition, user willingness authentication is added, which effectively avoids the possibility of internal personnel stealing the private key, ensures the security and reliability of the user's valid information, and improves the public trust and security of the cloud signing mode in which a third-party electronic signing platform hosts the user's private key.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method of implementing the present invention;
FIG. 2 is an electronic signing system initialization flow diagram;
FIG. 3 is a flow chart of the generation of a user key and a digital certificate;
FIG. 4 is a flow chart of signing by a user using a key.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Embodiment one:
As shown in FIG. 1, the method for implementing the electronic signature based on the national network security technology architecture of the present invention includes:
S100, acquiring user information containing the user identity, applying to an authentication mechanism to verify the user identity according to the user information, and, after verification, generating a user key pair for the user through the power intranet encryption machine;
S200, binding the user information with the private key in the user key pair through the power intranet encryption machine, segmenting the private key, and storing the segments in the power extranet signature server and the power intranet encryption machine;
S300, submitting the user information to a certification authority through the power extranet signature server, generating a user digital certificate based on the user information, and encrypting and storing the user digital certificate;
S400, acquiring a file to be signed uploaded by the user through the power extranet signature server, authenticating the user, and, after confirming the identity of the user according to the user digital certificate, calling the segmented private key stored in the power extranet signature server and the power intranet encryption machine, so as to obtain the complete user private key through a synthesis algorithm;
S500, completing the digital signature operation with the complete user private key and storing the signature value in the power extranet signature server.
In this embodiment, the implementation of the present invention is based on an electronic signature system, where the entities of the electronic signature system include a signing initiator, an actual signer, an electric intranet encryptor, and an electric extranet signature server;
wherein when the signing initiator and the actual signer are the same, the signing initiator and the actual signer are the same entity, otherwise, the signing initiator and the actual signer are different entities.
In this embodiment, the electronic signature system is deployed on cloud servers in both the power extranet and the power intranet to meet the electronic signature needs of intranet and extranet users; the power extranet signature server communicates with the power intranet encryption machine through an isolated gateway channel; during the electronic signature process, the necessary mutual authentication and data transmission can be carried out between different entities, and the signature process is completed jointly through a determined protocol.
In this embodiment, the user key includes a local master key, a transmission master key, and a working key;
the local master key is the key of the power intranet encryption machine and is used to encrypt and protect the various keys related to the operation of the encryption machine and the keys of critical data; the transmission master key is a key adopted for transmission security and is used to encrypt and protect the working key; the working key is a key directly associated with the user and is used to cryptographically protect the user data.
In this embodiment, the local master key is generated when the power intranet encryption machine completes the setting of its own system parameters; it is generally injected manually in multiple segments and then automatically synthesized and stored by the system inside the power intranet encryption machine, while the self-destruction function of the master key is retained.
In this embodiment, the initialization process of the electronic signature system is further included, as shown in fig. 2:
the power intranet and the power extranet communicate through a gateway, and a firewall is arranged between the power extranet and the Internet;
the system initialization flow is started through the power extranet signature server, and when a user submits user information to the electronic signature system, a key pair of the electronic signature system is generated and stored in the power intranet encryption machine;
application information is sent to a CA (certificate authority) through the power extranet signature server on behalf of the actual signer, applying for the digital certificate cert of the electronic signature system;
the CA generates the digital certificate of the electronic signature system;
the digital certificate cert of the electronic signature system is stored in the power extranet signature server.
In this embodiment, the method further includes a process of generating the user key and the digital certificate, as shown in fig. 3:
after the user registers, the electronic signature system checks the user's real-name authentication information, and if the identity information is genuine, the power extranet signature server applies to the power intranet encryption machine to generate a user key pair according to the user identity information;
the power intranet encryption machine generates and stores a public key kpub and a private key kpri, divides the private key into kpri1 and kpri2 through an algorithm, and transmits the public key kpub and the private key component kpri1 to the power extranet signature server;
the power extranet signature server stores the public key kpub and the private key component kpri1 and applies for generation of a user digital certificate cert; for additional security, an extranet encryption machine can be deployed on the power extranet for key storage;
the power intranet encryption machine destroys the private key kpri and the component kpri1, and retains only the private key component kpri2 and the private key synthesis algorithm;
the CA generates the user digital certificate;
the power extranet signature server stores the user digital certificate cert.
In this embodiment, the method further includes a process of signing by using a key by the user, as shown in fig. 4:
after the user logs in, the power extranet signature server applies to the CA for identity verification and verifies that the user information is legitimate;
after the identity verification succeeds, the power extranet signature server calculates the file digest hash value h(m) and generates the private key call authorization codes T1 and T2; if the identity verification fails, it returns to the user login procedure;
the power extranet signature server calls the private key component kpri1 = seek(T1), transmits kpri1 and the call authorization code T2 of the private key component kpri2 to the power intranet encryption machine, and applies for synthesis of the private key kpri;
the power intranet encryption machine calls the private key component kpri2 = seek(T2) and synthesizes the user private key comp[kpri1, kpri2] = kpri;
the private key kpri is invoked to perform the digital signature Sign(m) = Sign_kpri[h(m)], and kpri1 and kpri are then destroyed;
the power extranet signature server stores the signature value;
when the user performs a digital signature, an intranet user synchronizes the file to be signed to the power extranet signature server through the isolation gateway, and an extranet user uploads the file to be signed to the power extranet signature server through an SSL-encrypted channel.
In this embodiment, the willingness authentication of the user includes short message authentication and face recognition authentication.
In this embodiment, the method further includes a user signature verification process:
the power extranet signature server extracts the hash value of the signed file and decrypts the signature of the originally uploaded file with the public key in the stored user certificate;
the decrypted file digest is compared with the file digest of the originally uploaded file: if the two are completely consistent, the signature verification passes; if they are inconsistent, the signature verification fails.
The various numbers in the above embodiments are for illustration only and do not represent the order of assembly or use of the various components.
The foregoing is illustrative of the present invention and is not to be construed as limiting thereof, but rather, the present invention is to be construed as limited to the appended claims.
Claims (7)
1. An electronic signature implementation method based on a national network security technology architecture is implemented based on an electronic signature system and is characterized by comprising the following steps:
acquiring user information containing user identity, applying for verifying the user identity to an authentication mechanism according to the user information, and generating a user key pair for a user through an electric power intranet encryption machine after verification;
binding the user information with the private key in the user key pair through the power intranet encryption machine, segmenting the private key, and storing the segments in the power extranet signature server and the power intranet encryption machine;
submitting the user information to a certification authority through the power extranet signature server, generating a user digital certificate based on the user information, and encrypting and storing the user digital certificate;
acquiring a file to be signed uploaded by the user through the power extranet signature server, authenticating the user, and, after confirming the identity of the user according to the user digital certificate, calling the segmented private key stored in the power extranet signature server and the power intranet encryption machine and obtaining the complete user private key through a synthesis algorithm;
completing the digital signature operation with the complete user private key and storing the signature value in the power extranet signature server;
wherein segmenting the private key and storing the segments in the power extranet signature server and the power intranet encryption machine comprises:
dividing the private key in the user key pair into two components through an algorithm, and storing the public key of the user key pair and the first private key component in the power extranet signature server;
destroying the private key and the first private key component in the power intranet encryption machine, and retaining only the second private key component and the private key synthesis algorithm;
and calling the segmented private key from the power extranet signature server and the power intranet encryption machine comprises:
the electronic signature system calculates the file digest hash value of the file to be signed and generates call authorization codes for the private key;
calling the first private key component from the power extranet signature server according to the first call authorization code among the call authorization codes;
and transmitting the first private key component and the second call authorization code among the call authorization codes to the power intranet encryption machine, and applying to the power intranet encryption machine for synthesis of the complete private key.
2. The method for implementing electronic signature based on national network security architecture as recited in claim 1, wherein the entities of the electronic signature system include a signing initiator, an actual signer, a power intranet encryption machine and a power extranet signature server.
3. The method for implementing electronic signature based on national network security architecture according to claim 2, wherein the power extranet signature server and the power intranet encryption machine communicate through an isolated gateway channel.
4. The method for implementing electronic signature based on national network security architecture as set forth in claim 2, further comprising:
in the electronic signature process, mutual authentication and data transmission can be carried out between different entities, and the signature process is completed together through a determined protocol.
5. The method for implementing electronic signature based on national network security architecture as recited in claim 1, wherein the user key includes a local master key, a transmission master key, and a working key;
the local master key is the key of the power intranet encryption machine and is used to encrypt and protect the various keys related to the operation of the encryption machine and the keys of critical data; the transmission master key is a key adopted for transmission security and is used to encrypt and protect the working key; the working key is a key directly associated with the user and is used to cryptographically protect the user data.
6. The method for implementing electronic signature based on national network security technology architecture according to claim 5, wherein the local master key is generated by multi-person, segmented manual injection when the power intranet encryption machine completes the setting of its own system parameters.
7. The method for implementing electronic signature based on national network security architecture as recited in claim 1, wherein the willingness authentication of the user includes short message authentication and face recognition authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010042103.XA CN111277417B (en) | 2020-01-15 | 2020-01-15 | Electronic signature implementation method based on national network security technology architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010042103.XA CN111277417B (en) | 2020-01-15 | 2020-01-15 | Electronic signature implementation method based on national network security technology architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111277417A | 2020-06-12 |
CN111277417B | 2023-12-29 |
Family
ID=71000300
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010042103.XA Active CN111277417B (en) | 2020-01-15 | 2020-01-15 | Electronic signature implementation method based on national network security technology architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111277417B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114697040A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Electronic signature method and system based on symmetric key |
CN113112356B (en) * | 2021-03-05 | 2022-09-09 | 浙江华云信息科技有限公司 | Block chain universal service system based on national network security architecture |
CN113193961B (en) * | 2021-04-29 | 2022-12-13 | 中国人民银行数字货币研究所 | Digital certificate management method and device |
CN116436618B (en) * | 2023-06-07 | 2023-08-22 | 江苏意源科技有限公司 | Intelligent code scanning signature system and intelligent code scanning signature method |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102170356A (en) * | 2011-05-10 | 2011-08-31 | 北京联合智华微电子科技有限公司 | Authentication system realizing method supporting exclusive control of digital signature key |
CN103283178A (en) * | 2010-12-23 | 2013-09-04 | 莫雷加系统股份有限公司 | Elliptic curve cryptograhy with fragmented key processing and methods for use therewith |
CN105323062A (en) * | 2014-06-03 | 2016-02-10 | 北京收付宝科技有限公司 | Mobile terminal digital certificate electronic signature method |
WO2017024934A1 (en) * | 2015-08-07 | 2017-02-16 | 阿里巴巴集团控股有限公司 | Electronic signing method, device and signing server |
CN106651633A (en) * | 2016-10-09 | 2017-05-10 | 国网浙江省电力公司信息通信分公司 | Power utilization information acquisition system and method based on big data technology |
CN107911378A (en) * | 2017-11-29 | 2018-04-13 | 济南浪潮高新科技投资发展有限公司 | A kind of system and method for online Electronic Signature |
CN109412812A (en) * | 2018-08-29 | 2019-03-01 | 中国建设银行股份有限公司 | Data safe processing system, method, apparatus and storage medium |
CN109472166A (en) * | 2018-11-01 | 2019-03-15 | 恒生电子股份有限公司 | A kind of electronic signature method, device, equipment and medium |
CN110225042A (en) * | 2019-06-14 | 2019-09-10 | 王雪菲 | The safe handling method and server of block chain wallet private key |
US10425224B1 (en) * | 2017-06-30 | 2019-09-24 | Salesforce.Com, Inc. | Identity confirmation using private keys |
CN110427768A (en) * | 2019-08-09 | 2019-11-08 | 北京智汇信元科技有限公司 | A kind of private key management method and system |
Also Published As
Publication number | Publication date |
---|---|
CN111277417A (en) | 2020-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111277417B (en) | Electronic signature implementation method based on national network security technology architecture | |
CN109922077B (en) | Identity authentication method and system based on block chain | |
EP3661120B1 (en) | Method and apparatus for security authentication | |
US9065637B2 (en) | System and method for securing private keys issued from distributed private key generator (D-PKG) nodes | |
WO2017084273A1 (en) | Handshake method, device and system for client and server | |
CN112235235B (en) | SDP authentication protocol implementation method based on cryptographic algorithm | |
CN107959566A (en) | Quantal data key agreement system and quantal data cryptographic key negotiation method | |
CN110599163B (en) | Transaction record outsourcing method facing block chain transaction supervision | |
CN111181723B (en) | Method and device for offline security authentication between Internet of things devices | |
Krawczyk | A unilateral-to-mutual authentication compiler for key exchange (with applications to client authentication in TLS 1.3) | |
CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
Hlauschek et al. | Prying Open Pandora's Box: KCI Attacks against TLS | |
CN113868684A (en) | Signature method, device, server, medium and signature system | |
CN115276986B (en) | Cloud agent pool shunting re-encryption sharing method under general scene | |
CN114726552B (en) | Digital signature right transfer method and system | |
CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
CN113656818B (en) | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security | |
CN115459975A (en) | Certificate-free access authentication method for industrial edge equipment based on Chebyshev polynomial | |
CN114285557A (en) | Communication encryption method, system and device | |
CN114244501A (en) | Power data privacy protection system and implementation method thereof, and encryption attribute revocation method | |
CN111865568B (en) | Data transmission oriented certificate storing method, transmission method and system | |
WO2022185328A1 (en) | System and method for identity-based key agreement for secure communication | |
CN109450641B (en) | Access control method for high-end mold information management system | |
Abbdal et al. | Secure third party auditor for ensuring data integrity in cloud storage | |
CN115484031B (en) | SGX-based trusted-free third-party cloud storage ciphertext deduplication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||