CN112039665A - Key management method and device - Google Patents

Info

Publication number: CN112039665A
Application number: CN202010897547.1A
Authority: CN (China)
Prior art keywords: key, role, identity, user, decryption key
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 王东临
Current assignee: BEIJING SURSEN NETWORK TECHNOLOGY CO LTD
Original assignee: BEIJING SURSEN NETWORK TECHNOLOGY CO LTD
Application filed by BEIJING SURSEN NETWORK TECHNOLOGY CO LTD
Priority to CN202010897547.1A
Publication of CN112039665A
Priority to PCT/CN2021/115722 (WO2022042745A1)
Priority to US18/175,886 (US20230208637A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The application provides a key management method and device, and relates to the technical field of encryption. The method comprises the following steps: after confirming that a user logs in the digital identity through a first identity authentication mode, obtaining a first role decryption key corresponding to a first role in at least one role of the digital identity; and decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain the target key, wherein the target key is used for managing the asset corresponding to the first role. Based on the technical scheme provided by the application, a user can log in the digital identity through the existing identity information, the asset management can be realized without memorizing complex and complicated keys, and great convenience is provided for the user; meanwhile, the key management method provided by the embodiment of the application eliminates the risk of key leakage or key loss, so that a user does not need to worry about whether the mode of keeping the key is stable or not, and the asset safety of the user can be guaranteed to a great extent.

Description

Key management method and device
Technical Field
The present application relates to the field of encryption technologies, and in particular, to a key management method and apparatus.
Background
As blockchain technology grows, more and more investors are coming into contact with digital currency. However, a key for managing digital currency is long and has no memorable structure, so it is usually very hard to remember; this has become an obstacle to the adoption of digital currency. To make it more convenient and more secure for users to keep their keys, some solutions have appeared on the market in recent years, but none has really relieved the burden that key management places on the user.
Meanwhile, the internet of things is developing rapidly, and more and more everyday products are becoming intelligently managed. However, these intelligent products leave the user managing numerous scattered accounts, which is inconvenient; if they are managed poorly, the user's assets may even be put at risk.
Disclosure of Invention
In view of this, in order to solve the above problems faced by users in asset management in the prior art, embodiments of the present application provide a key management method and apparatus.
According to a first aspect of embodiments of the present application, there is provided a key management method, including: after confirming that a user logs in the digital identity through a first identity authentication mode, obtaining a first role decryption key corresponding to a first role in at least one role of the digital identity; and decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain the target key, wherein the target key is used for managing the asset corresponding to the first role.
According to a second aspect of embodiments of the present application, there is provided a key management apparatus including: the key acquisition module is used for acquiring a first role decryption key corresponding to a first role in at least one role of the digital identity when the user is confirmed to log in the digital identity through a first identity authentication mode; and the decryption module is used for decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain the target key, wherein the target key is used for managing the asset corresponding to the first role.
According to a third aspect of embodiments of the present application, there is provided a computer apparatus, including: a processor; a memory including computer instructions stored thereon which, when executed by the processor, implement the key management method provided by the first aspect described above.
According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium comprising computer instructions stored thereon, which, when executed by a processor, cause the processor to perform the key management method provided by the first aspect described above.
The key management method and device provided by the embodiment of the application at least have the following effects:
the user can log in the digital identity through the existing identity information, the asset management can be realized without memorizing complex and complicated keys, and great convenience is provided for the user; meanwhile, the risk of key leakage or key loss is eliminated, so that a user does not need to worry about whether the key storage mode is stable or not, and the asset safety of the user can be guaranteed to a great extent.
It should be understood that the above description of technical effects is exemplary and explanatory only and is not restrictive of the application.
Drawings
Fig. 1 is a schematic system architecture diagram of a key management system according to an exemplary embodiment of the present application.
Fig. 2 is a flowchart illustrating a key management method according to an exemplary embodiment of the present application.
Fig. 3 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application.
Fig. 4 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application.
Fig. 5 is a schematic diagram illustrating a key management device according to an exemplary embodiment of the present application.
Fig. 6 is a schematic diagram illustrating a key management device according to another exemplary embodiment of the present application.
Fig. 7 is a block diagram illustrating an electronic device provided in an exemplary embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
Summary of the application
As described above, in an environment where the internet is spreading rapidly, users must manage their own assets through a variety of account passwords, keys, and the like. However, the number of products and platforms is bewildering, passwords for rarely used accounts are easily forgotten, and keys are long, hard to remember and very hard to manage.
In view of the above technical problems, the basic concept of the present application is to provide a key management method and apparatus that introduces a digital identity into the key management system and uses cryptographic methods to let the digital identity manage assets on the user's behalf; this is very convenient and ensures the security of the user's assets to a great extent. With the key management system provided by the application, a user need only manage the digital identity in order to manage their own assets properly, which greatly reduces the burden on the user and saves a great deal of effort.
Exemplary System
Fig. 1 is a schematic system architecture diagram of a key management system according to an exemplary embodiment of the present application. As shown in fig. 1, the key management system includes an electronic device 11, an electronic device 12, and a server 20.
The electronic device may be a mobile device such as a mobile phone, game console, tablet computer, camera, video camera or vehicle-mounted computer; a computer such as a notebook or desktop computer; or any other electronic device that includes a processor and memory. The embodiments of the present application do not limit the type of the electronic device.
The electronic device 11 obtains the authorization of the user through the first identity authentication manner to generate a first authentication encryption key, encrypts the role decryption key based on the first authentication encryption key, and stores the encrypted role decryption key to the server 20, so as to implement the creation process of the digital identity. Further, the electronic device 12 may implement a management or usage process of the role decryption key by obtaining the encrypted role decryption key from the server 20 and decrypting it. In particular, in practical applications, the above process may be performed by a client installed on electronic device 11 and/or electronic device 12. It should be understood that in some embodiments, electronic device 11 and electronic device 12 may be the same electronic device.
The server 20 is disposed on the internet and is configured to establish a communication connection with the electronic device, receive and execute instructions from the electronic device, and/or receive and store data from the electronic device.
It should be noted that the above application scenarios are only presented to facilitate understanding of the spirit and principles of the present application, and the embodiments of the present application are not limited thereto. Rather, embodiments of the present application may be applied to any scenario where it may be applicable.
Exemplary method
Fig. 2 is a flowchart illustrating a key management method according to an exemplary embodiment of the present application. The method may be performed by a client on the electronic device 12. As shown in fig. 2, the method may include the steps of:
S210: after the user is confirmed to log in the digital identity through the first identity authentication mode, a first role decryption key corresponding to a first role in at least one role of the digital identity is obtained.
Specifically, a user may have at least one authentication means with the right to log in to a digital identity, including a first authentication means. Here, the identity authentication means is used to prove that the user has the right to log in the digital identity.
Further, one digital identity may be associated with only one identity authentication method, or with a plurality of identity authentication methods. The plurality of identity authentication methods may correspond to the same user or to a plurality of different users. In practical application, the client can present all the identity authentication methods available to the user, for example as a list, so that the user can choose one; alternatively the method can be selected automatically, for example by fingerprint recognition, facial recognition or card swiping. When the user chooses to log in through the first identity authentication method, the client authenticates the user's identity through that method, and the user is allowed to log in to the digital identity once authentication passes.
In an embodiment, the digital identity may correspond to a natural person, a virtual identity, or an organization. That is, all natural persons, virtual identities or organizations may hold at least one digital identity for managing their assets with administrative rights. For example, company a, as an organization, has a company a digital identity; an employee B of a company A, as a natural person, has a digital identity of B; in addition, B also creates a virtual identity C and has a C digital identity. Here, the embodiment of the present application does not limit the holder of the digital identity.
In another embodiment, a user may have login rights for multiple digital identities, which may manage assets corresponding to the multiple digital identities. For example, a user may log in to his or her digital identity, to a company to which the user belongs, or to a virtual identity. Here, the embodiment of the present application does not limit the number of digital identities that one user can correspond to.
Further, when a user has login rights of multiple digital identities, at least one identity authentication manner of the user may be set to correspond to the multiple digital identities of which the user has login rights. That is, the user may log in a plurality of digital identities through at least one identity authentication method, and may further manage assets corresponding to the plurality of digital identities.
It should be understood that the term "user" as used in this application is not limited to a natural person, but may also include, for example, a machine, a monkey, a virtual identity, an organization, etc., and the application does not limit the true identity of the user.
The at least one identity authentication method may authenticate the user through at least one piece of existing information of the user, where the existing information may include all existing authentication means held by the user, such as a third-party platform account, a terminal system account, a mobile phone number account, an identity authentication chip, a digital certificate, a private storage space account, a key, a password, a human biometric characteristic, and the like. The third-party platform account may be a social platform account, a shopping platform account, a financial platform account, a network service account, an intelligent internet of things platform account, and so on held by the user, for example a WeChat account, a Taobao account or a mobile banking account. It should be understood that the embodiments of the present application do not limit the specific types of existing information of the user.
After the user login digital identity is confirmed, the client can obtain a first role decryption key corresponding to a first role of the digital identity. Specifically, when confirming that the user is a user with login rights, the client may obtain the first role decryption key of the digital identity based on the information of the user.
S220: decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain the target key.
The target key is used for managing the assets corresponding to the first role.
Specifically, the digital identity may own at least one asset, such as a digital currency account or the accounts used by various login methods. Each asset has at least one corresponding target key for managing it, which may represent, for example, ownership, usage rights, viewing rights or other rights over the asset.
Also, a digital identity may comprise at least one role, including a first role. The at least one role is used to manage assets held by the digital identity, with different roles corresponding to different assets of the digital identity. Specifically, when a digital identity has only one role, namely the first role, the first role may have management rights over all assets held by the digital identity; when a digital identity includes multiple roles, different roles may respectively have management rights over different assets held by the digital identity, where the assets corresponding to two different roles may partially overlap or be completely different. For example, a digital identity may include a first role, a second role, and a third role, where the first role has the right to manage the WeChat account, the microblog account and the bus boarding card, the second role has the right to manage the smart lock and the digital currency account, and the third role has the right to manage the WeChat account and the smart lock.
According to the key management method provided by the embodiment of the application, different roles are set in the digital identity, and different asset management authorities are distributed to the different roles, so that assets can be divided according to user requirements or security levels, the convenience of the key management system is improved, and the assets can be managed more conveniently by a user.
Further, each role in the at least one role has a corresponding role key, and the role key may include a pair of a role encryption key and a role decryption key corresponding to each other. For example, the first role corresponds to a first role encryption key and a first role decryption key. When a role is given management authority over at least one asset, the at least one target key corresponding to those assets can be encrypted, one by one, using the role encryption key corresponding to the role, so that at least one encrypted target key is obtained and stored in the digital identity. For example, the first role encryption key is used to encrypt the target key of the asset corresponding to the first role, so as to obtain the encrypted target key. In this way, after the client obtains the role decryption key, the client can decrypt the encrypted target key by using the role decryption key, thereby obtaining the target key. It should be understood that the role encryption key and the role decryption key may be a pair of asymmetric keys, such as a public key and a private key, or may be a symmetric key, which is not limited in this application.
Preferably, in another embodiment, after obtaining the target key, the client may further use the target key to manage the asset corresponding to the target key according to an instruction of the user. For example, when the target key is the key of a digital currency account, the user may issue an operation instruction to check the balance of the digital currency account. After receiving the operation instruction, the client may find the corresponding encrypted target key, and decrypt the encrypted target key using the first role decryption key, thereby obtaining the target key and executing the operation instruction sent by the user.
Based on the key management method provided by the embodiment of the application, a user can log in the digital identity through the existing identity information, the asset management can be realized without memorizing complex and complicated keys, and great convenience is provided for the user; meanwhile, the key management method provided by the embodiment of the application eliminates the risk of key leakage or key loss, so that a user does not need to worry about whether the mode of keeping the key is stable or not, and the asset safety of the user can be guaranteed to a great extent.
In an embodiment, the digital identity may further include a plurality of permission levels, and each permission level of the plurality of permission levels has a permission to manage the asset corresponding to at least one of the plurality of roles, respectively.
Specifically, each identity authentication mode of all identity authentication modes corresponding to one digital identity has one authority level, and further has asset management authority of at least one role corresponding to the authority level. For example, the first identity authentication method may correspond to a first authority level of the plurality of authority levels, and the first authority level may have an authority to manage the asset corresponding to the first role, so that the user who logs in the digital identity through the first identity authentication method can manage the asset corresponding to the first role; the second identity authentication mode may correspond to a second authority level of the plurality of authority levels, and the second authority level may have an authority to manage assets corresponding to the first role and the second role, so that a user who logs in the digital identity through the second identity authentication mode may simultaneously manage assets corresponding to the first role and the second role.
In practical applications, each identity authentication manner may have a corresponding authentication key, and the authentication key may include a pair of authentication encryption key and authentication decryption key corresponding to each other. For example, the first authentication means may correspond to a first authentication encryption key and a first authentication decryption key. When an identity authentication mode needs to be given a certain authority level, for example, a first identity authentication mode is given a first authority level, a first authentication encryption key can be used to encrypt a first role decryption key corresponding to the first authority level, so as to obtain an initial encrypted first role decryption key. Therefore, when the user logs in the digital identity through the first identity authentication mode, the client can obtain the first authentication decryption key, find the initial encryption first role decryption key, and decrypt the initial encryption first role decryption key by using the first authentication decryption key to obtain the first role decryption key. For example, when the second authentication method is assigned with the second authority level, the first role decryption key and the second role decryption key corresponding to the second authority level may be encrypted respectively by using the second authentication encryption key to obtain the initial encrypted first role decryption key and the initial encrypted second role decryption key. 
Similarly, when the user logs in the digital identity through the second identity authentication mode, the client can obtain the second authentication decryption key, find the initial encryption first role decryption key and/or the initial encryption second role decryption key according to the requirements of the user, and decrypt the initial encryption first role decryption key and/or the initial encryption second role decryption key by using the second authentication decryption key to obtain the first role decryption key and/or the second role decryption key. It should be understood that the authentication encryption key and the authentication decryption key may be a pair of asymmetric keys, such as a public key and a private key, or may be a symmetric key, which is not limited in this application.
It should be understood that the specific division and corresponding manner of the assets, roles, and permission levels may be set by those skilled in the art according to actual needs, or may be set by a user in the system in a self-defined manner, which is not limited in the embodiments of the present application.
Based on the key management method provided by the embodiment of the application, on the basis of helping the user to perform key management, different identity authentication modes can be provided with asset management authorities of different levels respectively by setting authority levels, so that the performance of the key management system is more comprehensive and complete, convenience is brought to the user, and meanwhile, the security of the user assets is further improved.
Fig. 3 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application. The method may be performed by a client (hereinafter referred to as a login client) on the electronic device 12.
In the method shown in fig. 3, when a user uses a new electronic device, the first authentication means may be bound to the electronic device before the user logs in the digital identity using the first authentication means for the first time. The method may comprise the steps of:
S310: acquiring the initial encrypted first role decryption key from the server side.
When the user selects to bind the first authentication method with the login client, the login client may obtain the initial encrypted first role decryption key corresponding to the first authentication method from the server.
It is noted that when creating the first authentication means for the digital identity, the user may select at least one role of the digital identity to be associated with the first authentication means. After receiving the instruction of the user, the client (hereinafter, referred to as a creation client) on the electronic device 11 may give the first identity authentication method the management authority of the asset corresponding to the at least one role. Specifically, in an embodiment, when the user selects the first role as the role corresponding to the first authentication method, the creating client may generate a first authentication encryption key corresponding to the first authentication method when creating the first authentication method, encrypt the first role decryption key using the first authentication encryption key, generate an initial encrypted first role decryption key, and store the initial encrypted first role decryption key in the server. Preferably, in another embodiment, the creating client may generate a pair of asymmetric keys corresponding to the first authentication mode, and use a private key thereof as the first authentication encryption key and a public key thereof as the first authentication decryption key. It should be understood that the embodiments of the present application do not limit the specific generation manner of the authentication key.
S320: acquiring a first authentication decryption key, and decrypting the initially encrypted first role decryption key by using the first authentication decryption key to obtain the first role decryption key.
After the initial encrypted first role decryption key is obtained, the login client can further obtain a first authentication decryption key, so that the initial encrypted first role decryption key is decrypted to obtain the first role decryption key. In a preferred embodiment, the first authentication decryption key may be stored in encrypted form at the server side. For example, when the first authentication method is created, the creation client may generate a third storage key, encrypt the first authentication decryption key using the third storage key, and store the encrypted first authentication decryption key in the server. Accordingly, the process of obtaining the first authentication decryption key may include: acquiring the encrypted first authentication decryption key from the server side; and acquiring the third storage key, and decrypting the encrypted first authentication decryption key by using the third storage key to obtain the first authentication decryption key.
It should be understood that the login client may obtain the initial encrypted first role decryption key and the encrypted first authentication decryption key from the server side at the same time, or obtain the initial encrypted first role decryption key after obtaining the encrypted first authentication decryption key first, which is not limited in this embodiment of the present application.
Further, in an embodiment, in order to reduce the risk of revealing the third storage key, the third storage key may be generated based on the first identity authentication method, or the third storage key may be stored after being associated with the first identity authentication method, so that the login client can acquire the third storage key only when the user logs in the digital identity through the first identity authentication method. Here, the manner in which the creation-use client generates the third storage key may be different depending on the type of the first authentication manner. Correspondingly, the method for the login client to obtain the third storage key may be different according to the generation method.
For example, when the first identity authentication method is a third-party platform account, the login client may send a verification request to the first identity authentication end corresponding to the third-party platform account in order to obtain the first identity authentication information. After receiving the verification request, the first identity authentication end may authenticate the user. After the verification passes, the first identity authentication end may send the first identity authentication information, which contains user identity information, to the login client, so that the login client can calculate the third storage key from the first identity authentication information. For example, when the first identity authentication method is WeChat, the WeChat authentication end may send the user's WeChat ID to the login client after verifying the user's identity, and the login client may calculate the third storage key from the user's WeChat ID.
For example, the first authentication method may be an authentication chip that can interact with the login client. Here, the login client may directly read the first authentication information including the user identification information from the authentication chip, and calculate the third storage key.
For another example, the first authentication method may be a method of authenticating a human biometric characteristic of the user. Here, the login client may acquire a human biometric feature of the user, extract the first authentication information therefrom, and calculate the third storage key.
In another embodiment, the process of obtaining the third storage key by the login client may include: acquiring first identity authentication information through a first identity authentication mode; acquiring a first salt value from a server side; a third storage key is calculated based on the first authentication information and a first salt value (e.g., a random value used by the encryption process). When the first identity authentication mode is created, the creation client can generate a first salt value for calculating the third storage key and store the first salt value in the server.
In another embodiment, the process of obtaining the third storage key by the login client may include: acquiring first identity authentication information through a first identity authentication mode; acquiring personal information of a user; acquiring a first salt value from a server side; and calculating to obtain a third storage key according to the first identity authentication information, the user personal information and the first salt value. The login client can present a personal information input request to a user through a user interface and receive personal information input by the user. For example, the personal information of the user may be the name of the user's parent.
In another embodiment, the third storage key may be pre-generated and stored locally, and has an association relationship with the first identity authentication method. The logging-in client may obtain the third storage key associated with the first identity authentication mode from the local after confirming that the user logs in the digital identity through the first identity authentication mode.
In another implementation manner of the foregoing embodiment, when the first identity authentication method has a corresponding cloud service account, the third storage key may be generated in advance and stored in a corresponding cloud of the first identity authentication method. After confirming that the user logs in the digital identity through the first identity authentication mode, the login client can acquire a third storage key from a corresponding cloud end of the first identity authentication mode.
Based on the key management method provided by the embodiment of the application, the role key can be safely stored by storing the authentication key in an encrypted form and requiring the user to verify the corresponding identity authentication mode during decryption, so that the asset safety of the user is improved.
Optionally, in another embodiment, the server may be provided with a key database, and the encrypted first authentication decryption key may be stored in the key database. The process of obtaining the encrypted first authentication decryption key from the server side may include: obtaining a first login account and a first login password based on a first identity authentication mode; logging in a key database by using a first login account and a first login password; and acquiring the encrypted first authentication decryption key from the key database.
Specifically, when the first authentication method is created, the creating client may send an account creating request to the server, so that the server creates a first key database account for logging in the key database. The first key database account corresponds to a first identity authentication mode and is used for storing the encrypted first authentication decryption key. Here, the first key database account may have a pair of an account number and a password, that is, a first login account number and a first login password, and the creating client may log in the key database according to the first login account number and the first login password and obtain data therefrom. It should be understood that the first login account and the first login password may be generated by the creating client and then sent to the server, or may be directly generated by the server, which is not limited in this embodiment of the present application.
When the creating client obtains the first login account and the first login password based on the first identity authentication method, it may calculate them from the first identity authentication method, obtain pre-stored ones from the cloud corresponding to the first identity authentication method, or obtain ones associated with the first identity authentication method directly from local storage. It should be understood that the embodiments of the present application do not limit the specific manner of generating and storing the first login account and the first login password.
Based on the key management method provided by the embodiment of the application, the authentication key can be kept in an encrypted form, and the database account is established at the server side so as to better keep the authentication key, so that the security of the key management system is further enhanced, and the asset security of the user can be guaranteed to a greater extent.
S330: generating a first storage key, encrypting the first role decryption key using the first storage key to obtain the encrypted first role decryption key, and storing the encrypted first role decryption key locally.
After the first role decryption key is obtained through decryption, in order to safely store the first role decryption key locally, the creation client may generate a first storage key based on a first identity authentication method, encrypt the first role decryption key using the first storage key, and store the encrypted first role decryption key locally. Specifically, in order to reduce the risk of leakage of the first storage key, the first storage key may be generated based on the first identity authentication method, or the generated first storage key may be stored after being associated with the first identity authentication method, so that the login client may obtain the first storage key only when the user logs in the digital identity through the first identity authentication method. For example, the creating client may calculate the first storage key based on the first identity authentication information, or the creating client may randomly generate the first storage key and store the first storage key in a cloud corresponding to the first identity authentication method, or store the first storage key locally after associating the first storage key with the first identity authentication method.
In an embodiment, the process by which the creating client generates the first storage key may include: acquiring first identity authentication information through the first identity authentication method; and calculating, from the first identity authentication information, the first storage key corresponding to the first identity authentication method. It should be understood that the specific manner in which the creating client calculates the first storage key from the first identity authentication information may be set by those skilled in the art according to actual needs, and the embodiment of the present application is not limited thereto.
Here, the manner in which the creation client acquires the first authentication information may be different depending on the type of the first authentication manner.
For example, the first identity authentication method may be a third-party platform account, and when the user selects to bind the first identity authentication method to the creation client device, the creation client may send a verification request to the first identity authentication end corresponding to the third-party platform account, so as to obtain the first identity authentication information. After receiving the verification request, the first authentication terminal may perform authentication on the user. After the verification is passed, the first identity authentication terminal may send first identity authentication information including user identity information to the creating client, so that the creating client calculates the first storage key according to the first identity authentication information. For example: when the first identity authentication mode is WeChat, the WeChat authentication end can send the WeChat ID of the user to the creation client after verifying the identity of the user, and the creation client can calculate the first storage key according to the WeChat ID of the user.
For example, the first authentication means may be an authentication chip capable of interacting with the creating client, and the authentication chip may store first authentication information including user identity information. Here, the creating client may directly read the first authentication information including the user identity information from the authentication chip, and calculate the first storage key.
For another example, the first authentication method may be a method of authenticating a human biometric feature of the user, and thus the first authentication information may be generated based on the human biometric feature of the user (e.g., a fingerprint feature, a facial feature, an iris feature, a voice feature, etc.). The creating client can acquire the human body biological characteristics of the user, extract the first identity authentication information from the human body biological characteristics, and calculate to obtain the first storage secret key.
It should be understood that the present application is not limited to the specific form of the identity authentication information and the specific manner of obtaining the identity authentication information, and may be non-public information that can be obtained after the identity authentication and that can verify the identity of the user.
Optionally, in another embodiment, the process by which the creating client generates the first storage key may include: acquiring first identity authentication information through the first identity authentication method; randomly generating a first salt value or acquiring it from the server side; and calculating the first storage key from the first identity authentication information and the first salt value. Specifically, the creating client may generate a random number as the first salt value, or may obtain a first salt value stored in advance on the server. For example, the first salt value may be generated and stored on the server side when the first identity authentication method is created. The server may be provided with an ID database that stores a first authentication record corresponding to the first identity authentication method, and the first salt value may be stored in that record. Here, each identity authentication method of each user may correspond to a unique number, and different numbers correspond to different authentication records in the ID database. When the user chooses to bind the first identity authentication method to a new mobile terminal, the creating client can locate the first authentication record on the server according to the first identity authentication method and thereby obtain the first salt value. It should be understood that the first salt value may be randomly generated, or may be generated from the first identity authentication method and/or information such as the user's personal information; the embodiment of the present application does not limit its specific generation process.
Preferably, in another embodiment, the process by which the creating client generates the first storage key may include: acquiring first identity authentication information through the first identity authentication method; acquiring personal information of the user; randomly generating a first salt value or acquiring it from the server side; and calculating the first storage key from the first identity authentication information, the user's personal information and the first salt value. The creating client may present a personal information input request to the user through a user interface and receive the personal information input by the user. For example, the user's personal information may be the name of the user's parent.
In another embodiment, the creating client may further randomly generate a first storage key, associate the first storage key with the first identity authentication method, and store the first storage key locally. Preferably, the creating client may also directly store the first storage key in a corresponding cloud of the first identity authentication method. For example, when the first authentication method has a corresponding cloud service account, the creation client may establish a communication connection with the cloud service account and store the first storage key therein.
According to the key management method provided by the embodiment of the application, the identity authentication method specified by the user is bound to the local device, so that when the user logs in to the digital identity in daily use, data acquisition and key management can be performed entirely locally without interacting with the server; this achieves decentralization to a certain extent and further improves the security of key management.
Preferably, in another embodiment, the key management method shown in fig. 3 may further include:
S340: generating a second storage key, encrypting the first storage key using the second storage key to obtain the encrypted first storage key, and storing the encrypted first storage key locally.
Specifically, in order to further reduce the risk of stealing the first role decryption key, the creation client may further generate a second storage key for encrypting the first storage key, so as to strengthen the security degree of the first storage key, thereby further strengthening the security degree of the first role decryption key.
In an embodiment, the creating client may randomly generate the second storage key and store the second storage key in the cloud corresponding to the first identity authentication method, or associate the second storage key with the first identity authentication method and store the second storage key locally. Preferably, in another embodiment, the creating client may calculate the second storage key based on the first authentication information or based on the first authentication information and the first salt value. It should be understood that the manner of creating the second storage key calculated by the client based on the first authentication information may be the same as or similar to the manner of generating the first storage key, and will not be described herein again.
It should be understood that the specific encryption manner for the first role decryption key may be set by those skilled in the art according to actual requirements, for example, more related data may be added for calculation, the number of encryption layers is further increased, and the like, which is not limited in the embodiment of the present application.
Based on the key management method provided by the embodiment of the application, the identity authentication mode specified by the user is bound in the local, and the role key is subjected to multiple encryption, so that the role key storage mode is optimized, and the security of key management is further improved.
Fig. 4 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application. The method may be performed by a client.
After the first authentication means has been bound with the login client device, when the user logs in the digital identity by the first authentication means on a daily basis, the login client may perform a key management method as shown in fig. 4, where the method may include the following steps:
S410: after confirming that the user logs in to the digital identity through the first identity authentication method, obtaining a first storage key.
Specifically, after the login client confirms that the user has the right to log in the digital identity and knows that the login mode of the user is the first identity authentication mode, the first storage key can be acquired through the first identity authentication mode. It should be understood that the specific manner in which the login client obtains the first storage key may correspond to the manner in which the creation client generates the first storage key in the method shown in fig. 3.
In an embodiment, the process of obtaining the first storage key by the login client may include: acquiring first identity authentication information through a first identity authentication mode; and calculating according to the first identity authentication information to obtain a first storage key corresponding to the first identity authentication mode.
Here, the method of acquiring the first authentication information by the login client may be different depending on the type of the first authentication method.
For example, when the first identity authentication method is a third party platform account, the user logs in the digital identity by logging in the third party platform account. After the user login is confirmed, the login client side can send a verification request to the first identity authentication side corresponding to the third-party platform account, and then first identity authentication information is obtained. After receiving the verification request, the first authentication terminal may perform authentication on the user. After the verification is passed, the first identity authentication end can send first identity authentication information containing user identity information to the login client, so that the login client can calculate to obtain the first storage key according to the first identity authentication information. For example: when the first identity authentication mode is WeChat, the WeChat authentication end can send the WeChat ID of the user to the login client after verifying the identity of the user, and the login client can calculate the first storage key according to the WeChat ID of the user.
For example, the first authentication method may be an authentication chip capable of interacting with the login client, and when the user logs in the digital identity, the authentication chip may interact with the login client to log in the digital identity. Here, the login client may directly read first authentication information including user identity information from the authentication chip, and calculate the first storage key.
For another example, the first identity authentication method may be a method of authenticating a human biometric feature of a user, and the user may log in a digital identity through a human biometric feature recognition method such as fingerprint recognition, face recognition, iris recognition, voice recognition, and the like. After the user login is confirmed, the login client can acquire the human body biological characteristics of the user, extract first identity authentication information from the human body biological characteristics, and calculate to obtain a first storage key.
In another embodiment, the process of obtaining the first storage key by the login client may include: acquiring first identity authentication information through a first identity authentication mode; obtaining a first salt value from the local; and calculating to obtain a first storage key according to the first identity authentication information and the first salt value. When the first identity authentication mode is bound to the login client device, the login client device may store the first salt value randomly generated or obtained from the server in the local.
In another embodiment, the process of obtaining the first storage key by the login client may include: acquiring first identity authentication information through a first identity authentication mode; acquiring personal information of a user; obtaining a first salt value from the local; and calculating to obtain a first storage key according to the first identity authentication information, the user personal information and the first salt value. The login client can present a personal information input request to a user through a user interface and receive personal information input by the user. For example, the personal information of the user may be the name of the user's parent.
In another embodiment, the first storage key may be pre-generated and stored locally, and has an association relationship with the first identity authentication method. The logging-in client can locally acquire a first storage key associated with the first identity authentication mode after confirming that the user logs in the digital identity through the first identity authentication mode.
In another implementation manner of the foregoing embodiment, when the first identity authentication method has a corresponding cloud service account, the first storage key may be generated in advance and stored in a corresponding cloud of the first identity authentication method. After confirming that the user logs in the digital identity through the first identity authentication mode, the login client can acquire the first storage key from the corresponding cloud end of the first identity authentication mode.
Based on the key management method provided by the embodiment of the application, on the premise of not interacting with a server, a user can log in the digital identity through the existing identity information, the complex and complicated key does not need to be memorized, the asset management is easily realized, meanwhile, the risk of key leakage or loss is eliminated, great convenience is provided for the user, and the asset safety of the user can be ensured to a great extent.
Optionally, in another embodiment, the process of obtaining the first storage key by the login client may include: acquiring a second storage key; and acquiring the encrypted first storage key from the local, and decrypting the encrypted first storage key based on the second storage key to obtain the first storage key.
In particular, to further reduce the risk of theft of the first role decryption key, the first storage key may also be stored locally in encrypted form after being encrypted by the second storage key.
In an embodiment, the login client may obtain the second storage key associated with the first authentication method from the local, or may obtain the second storage key from the cloud corresponding to the first authentication method. Preferably, in another embodiment, the login client may calculate the second storage key based on the first authentication information, or based on the first authentication information and the first salt value. It should be understood that the manner in which the login client obtains the second storage key may correspond to the manner in which the second storage key is generated, and will not be described herein again.
S420: acquiring the encrypted first role decryption key from local storage, and decrypting the encrypted first role decryption key based on the first storage key to obtain the first role decryption key.
Based on the key management method provided by the embodiment of the application, the role key storage mode is optimized by carrying out multiple encryption on the role key, and the security of key management is further improved.
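The chain of keys described in S320 to S340 of fig. 3 and in S410 to S420 of fig. 4, as an added Go example that is not part of the patent and not code from the applicant. The patent leaves the key calculation and the encryption functions open; this example fixes them as HKDF-SHA256 for the storage keys and AES-256-GCM for every encryption of one key under another, and these choices are assumptions, as are the labels such as "storage-key-2", the 16-byte salt, the embodiment in which the first storage key is random and kept locally encrypted under a second storage key calculated from the identity authentication information and the first salt value, and the constructed authentication and personal information strings. RecoverFromServer is the creating client obtaining the first role decryption key from the server-held material with the third storage key, BindDevice is S330 and S340, and Login is S410 and S420 without any server interaction; wrong identity authentication information fails at GCM authentication rather than yielding a wrong key silently.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LocalStore is what the creating client leaves on the device after S330 and S340.
type LocalStore struct {
	Salt       []byte // first salt value, kept locally (random in this example)
	EncRoleKey []byte // first role decryption key wrapped under the first storage key
	EncK1      []byte // first storage key wrapped under the second storage key
}

// deriveStorageKey makes "calculate a storage key from the identity authentication
// information, the personal information and the salt" concrete as HKDF-SHA256; the
// label separates the first, second and third storage keys from the same inputs.
func deriveStorageKey(authInfo, personal, salt []byte, label string) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write([]byte{byte(len(authInfo) >> 8), byte(len(authInfo))}) // keeps the (authInfo, personal) boundary unambiguous
	extract.Write(authInfo)
	extract.Write(personal)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // T(1) = HMAC(PRK, label || 0x01)
	expand.Write([]byte(label))
	expand.Write([]byte{1})
	return expand.Sum(nil) // 32 bytes, used as an AES-256 key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // a failed CSPRNG read or cipher setup is fatal for a key-management client
	}
	return v
}
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// wrap encrypts one key under another with AES-256-GCM; the label is bound as
// associated data so a stored blob cannot be passed off as a different key.
func wrap(key, plaintext []byte, label string) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, []byte(label))
}

// unwrap reverses wrap; a wrong key or label fails authentication instead of yielding a wrong key.
func unwrap(key, blob []byte, label string) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(label))
}

// RecoverFromServer is S320 on the creating client: the third storage key, derived with
// the server-held first salt value, releases the first authentication decryption key,
// which in turn releases the initially encrypted first role decryption key.
func RecoverFromServer(authInfo, personal, serverSalt, encAuthDecKey, initEncRoleKey []byte) ([]byte, error) {
	k3 := deriveStorageKey(authInfo, personal, serverSalt, "storage-key-3")
	authDecKey, err := unwrap(k3, encAuthDecKey, "authentication-decryption-key")
	if err != nil {
		return nil, fmt.Errorf("third storage key rejected: %w", err)
	}
	return unwrap(authDecKey, initEncRoleKey, "initial-role-decryption-key")
}

// BindDevice is S330 and S340: a random first storage key wraps the role decryption key,
// and a second storage key derived from the identity authentication information wraps the
// first storage key. Only the wrapped forms and the salt are stored on the device.
func BindDevice(authInfo, personal, roleDecKey []byte) *LocalStore {
	salt, k1 := randomBytes(16), randomBytes(32)
	k2 := deriveStorageKey(authInfo, personal, salt, "storage-key-2")
	return &LocalStore{
		Salt:       salt,
		EncRoleKey: wrap(k1, roleDecKey, "role-decryption-key"),
		EncK1:      wrap(k2, k1, "storage-key-1"),
	}
}

// Login is S410 and S420 on the login client: no server round trip, and wrong identity
// authentication information is rejected at the first unwrap.
func Login(store *LocalStore, authInfo, personal []byte) ([]byte, error) {
	k2 := deriveStorageKey(authInfo, personal, store.Salt, "storage-key-2")
	k1, err := unwrap(k2, store.EncK1, "storage-key-1")
	if err != nil {
		return nil, fmt.Errorf("second storage key rejected: %w", err)
	}
	return unwrap(k1, store.EncRoleKey, "role-decryption-key")
}

func main() {
	store := BindDevice([]byte("constructed-authentication-info"), []byte("constructed-parent-name"), randomBytes(32))
	_, err := Login(store, []byte("constructed-authentication-info"), []byte("constructed-parent-name"))
	fmt.Println("login with the bound authentication information succeeded:", err == nil)
}
```

The label passed to deriveStorageKey is what keeps the first, second and third storage keys distinct even when, as the page allows, they are all calculated from the same identity authentication information and the same salt value; without it, a key recovered from the server-held ciphertext would also open the local store. The page requires the identity authentication information to be non-public; a public identifier gives anyone who copies the local store everything this derivation needs, so a deployment would use a secret that the identity authentication end releases only after verification.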
Exemplary devices
Fig. 5 is a schematic diagram illustrating a key management device 500 according to an exemplary embodiment of the present application. The apparatus may be, for example, the electronic device 12 in a key management system. As shown in fig. 5, the apparatus 500 may include: a key obtaining module 510, configured to obtain a first role decryption key corresponding to a first role in at least one role of the digital identity when it is determined that the user logs in the digital identity through the first identity authentication method; and a decryption module 520, configured to decrypt the encrypted target key stored in the digital identity based on the first role decryption key to obtain a target key, where the target key is used to manage the asset corresponding to the first role.
In particular, a user may have at least one authentication means that is authorized to log on to a digital identity. One digital identity may be associated with only one identity authentication method or may be associated with a plurality of identity authentication methods. The plurality of authentication methods may correspond to the same user or may correspond to a plurality of different users. The digital identity corresponds to a natural person, a virtual identity or an organization.
The authentication method for the authorized login digital identity may be a method of authenticating the identity of the user through at least one kind of existing information of the corresponding user. The existing information of the user may include all existing authentication means held by the user.
In another embodiment, a user may have login rights for multiple digital identities, which may manage assets corresponding to the multiple digital identities.
When a user has login rights for multiple digital identities, at least one authentication mode of the user may be set to correspond to the multiple digital identities. That is, a user may log on to multiple digital identities through at least one identity authentication means.
After the user login digital identity is confirmed, the key acquisition module can acquire a first role decryption key corresponding to a first role of the digital identity. Specifically, when the user is confirmed to be the user with the login authority, the key obtaining module may obtain the first role decryption key of the digital identity based on the information of the user.
Specifically, the digital identity may own at least one asset, such as an account number in digital currency, account numbers in various login manners, and the like. Each asset has at least one corresponding target key for managing the asset, which may represent, for example, ownership, usage rights, viewing rights, or other rights of the asset.
Also, a digital identity may comprise at least one role, including a first role. At least one role is used to manage assets held by the digital identity, with different roles corresponding to different assets of the digital identity.
Based on the key management device provided by the embodiment of the application, different roles are set in the digital identity, and different asset management authorities are distributed to the different roles, so that assets can be divided according to user requirements or security levels, the convenience of a key management system is improved, and the assets can be managed more conveniently by a user.
Further, each role in the at least one role has a corresponding role key, and the role key may include a pair of a role encryption key and a role decryption key corresponding to each other. It should be understood that the role encryption key and the role decryption key may be a pair of asymmetric keys, such as a public key and a private key, or may be a symmetric key, which is not limited in this application.
Preferably, in another embodiment, after obtaining the target key, the key management apparatus 500 may further use the target key to manage the asset corresponding to the target key according to the instruction of the user.
Based on the key management device provided by the embodiment of the application, a user can log in the digital identity through the existing identity information, the asset management can be realized without memorizing complex and complicated keys, and great convenience is provided for the user; meanwhile, the key management device provided by the embodiment of the application eliminates the risk of key leakage or key loss, so that a user does not need to worry about whether the mode of keeping the key is reliable or not, and the asset safety of the user can be guaranteed to a great extent.
In an embodiment, the digital identity may further include a plurality of permission levels, and each permission level of the plurality of permission levels has a permission to manage the asset corresponding to at least one of the plurality of roles, respectively. Specifically, each identity authentication mode of all identity authentication modes corresponding to one digital identity has one authority level, and further has asset management authority of at least one role corresponding to the authority level.
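The role key pairs and permission levels of the preceding paragraphs, as an added Go example that is not from the patent and not the applicant's code. It assumes an RSA-2048 key pair with OAEP as the role encryption key and role decryption key (the page allows either an asymmetric pair or a symmetric key), the role names "documents" and "payments", the identity authentication method names "wechat" and "chip", and a constructed target key; all of these are illustrative. Each asset's target key is stored encrypted under the encryption key of the role that manages it, and a login through a given identity authentication method can release only the target keys of the roles its permission level covers.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Role carries the role key pair: the public key is the role encryption key, the
// private key the role decryption key that the client recovers at S420.
type Role struct {
	Name string
	Key  *rsa.PrivateKey
}

// DigitalIdentity keeps each asset's target key encrypted under the encryption key of
// the role that manages it, plus one permission level per identity authentication
// method listing the roles that level may manage.
type DigitalIdentity struct {
	roles  map[string]*Role
	assets map[string]map[string][]byte // role -> asset -> encrypted target key
	levels map[string][]string          // authentication method -> roles it may manage
}

func NewDigitalIdentity(levels map[string][]string) *DigitalIdentity {
	return &DigitalIdentity{roles: map[string]*Role{}, assets: map[string]map[string][]byte{}, levels: levels}
}

// AddRole generates a fresh role key pair (RSA-2048 here; the page leaves the key
// type open, asymmetric or symmetric).
func (d *DigitalIdentity) AddRole(name string) error {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	d.roles[name] = &Role{Name: name, Key: key}
	d.assets[name] = map[string][]byte{}
	return nil
}

// AddAsset encrypts the asset's target key under the role encryption key with RSA-OAEP;
// the asset name is the OAEP label, so a ciphertext stored for one asset does not
// decrypt as another.
func (d *DigitalIdentity) AddAsset(role, asset string, targetKey []byte) error {
	r, ok := d.roles[role]
	if !ok {
		return fmt.Errorf("unknown role %q", role)
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.Key.PublicKey, targetKey, []byte(asset))
	if err != nil {
		return err
	}
	d.assets[role][asset] = ct
	return nil
}

// mayManage is the permission-level check: does the level of authMethod cover role?
func (d *DigitalIdentity) mayManage(authMethod, role string) bool {
	for _, r := range d.levels[authMethod] {
		if r == role {
			return true
		}
	}
	return false
}

// TargetKey is decryption module 520: after a login through authMethod, the asset's
// target key is released only if that method's permission level covers the asset's role.
func (d *DigitalIdentity) TargetKey(authMethod, role, asset string) ([]byte, error) {
	if !d.mayManage(authMethod, role) {
		return nil, fmt.Errorf("permission level of %q does not cover role %q", authMethod, role)
	}
	r, ok := d.roles[role]
	if !ok {
		return nil, fmt.Errorf("unknown role %q", role)
	}
	ct, ok := d.assets[role][asset]
	if !ok {
		return nil, errors.New("no target key stored for this asset under this role")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Key, ct, []byte(asset))
}

func main() {
	id := NewDigitalIdentity(map[string][]string{"wechat": {"documents"}, "chip": {"documents", "payments"}})
	if err := errors.Join(id.AddRole("documents"), id.AddRole("payments")); err != nil {
		panic(err)
	}
	if err := id.AddAsset("payments", "wallet", []byte("constructed-wallet-target-key")); err != nil {
		panic(err)
	}
	_, err := id.TargetKey("wechat", "payments", "wallet")
	fmt.Println("lower level denied the payments target key:", err != nil)
	_, err = id.TargetKey("chip", "payments", "wallet")
	fmt.Println("higher level released the payments target key:", err == nil)
}
```

In this single-process example the permission level is a lookup placed in front of the decryption, because all role decryption keys sit in one struct. In the scheme itself the lower level never holds the higher role's decryption key at all: which encrypted role decryption keys a client can open is decided by the storage-key chain of fig. 3 and fig. 4, and the lookup here stands in for that.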
In an embodiment, the key obtaining module may specifically include: a local acquisition unit configured to acquire a first storage key; and the local decryption unit is used for locally acquiring the encrypted first role decryption key and decrypting the encrypted first role decryption key based on the first storage key to obtain the first role decryption key.
Specifically, in an embodiment, the local obtaining unit may obtain the first identity authentication information through a first identity authentication method, and calculate the first storage key according to the first identity authentication information. For example, the first salt value may be obtained locally, and the first storage key may be calculated based on the first authentication information and the first salt value. Wherein, the first identity authentication information is non-public information.
Preferably, in another embodiment, in order to further reduce the risk of the first role decryption key being stolen, the first storage key may also be stored locally in encrypted form after being encrypted by the second storage key. Here, the local obtaining unit may obtain the second storage key first, further obtain the encrypted first storage key from the local, and decrypt the encrypted first storage key based on the second storage key to obtain the first storage key.
It should be understood that, for convenience and brevity of description, details of the above-described apparatus 500 and specific working scenarios, processes, effects, and the like of modules and units therein may refer to corresponding contents in the method embodiment of fig. 2, and are not described in detail herein.
Fig. 6 is a schematic diagram illustrating a key management apparatus 600 according to another exemplary embodiment of the present application. The apparatus may be, for example, the electronic device 12 in a key management system. As shown in fig. 6, the apparatus 600 may include: a communication obtaining module 610, configured to obtain an initial encrypted first role decryption key from a server; a communication decryption module 620, configured to obtain a first authentication decryption key and decrypt the initial encrypted first role decryption key with it to obtain the first role decryption key, where the first authentication decryption key corresponds to the first identity authentication method; and a local encryption module 630, configured to generate a first storage key, encrypt the first role decryption key with the first storage key to obtain an encrypted first role decryption key, and store the encrypted first role decryption key locally.
The communication decryption module 620 specifically includes: an acquisition unit configured to acquire the encrypted first authentication decryption key from the server; and a decryption unit configured to acquire a third storage key and decrypt the encrypted first authentication decryption key with the third storage key to obtain the first authentication decryption key.
Specifically, to reduce the risk of the third storage key leaking, the third storage key may be generated based on the first authentication method, or may be stored in association with the first authentication method, so that the decryption unit can obtain the third storage key only when the user logs in to the digital identity through the first authentication method. The way the decryption unit generates the third storage key may depend on the type of the first authentication method, and correspondingly the way it acquires the third storage key may differ according to how it was generated.
In another embodiment, the local encryption module 630 is further configured to generate a second storage key, encrypt the first storage key with the second storage key to obtain an encrypted first storage key, and store the encrypted first storage key locally.
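The storage-key hierarchy described for apparatus 500 and apparatus 600 above, as an added example that is not part of the patent: the first storage key is derived from non-public authentication information and a salt, the role decryption key is kept on the device only in wrapped form, and the server-provisioned key is unwrapped with the first authentication decryption key and re-wrapped under the locally derived storage key. The HMAC-based encrypt-then-MAC wrapper is a standard-library stand-in for an AEAD such as AES-GCM, and all keys, secrets and the server/identity stores are constructed sample values.

```python
import hashlib
import hmac
import os

def derive_storage_key(auth_info: bytes, salt: bytes) -> bytes:
    """First storage key = KDF(first identity authentication info, first salt)."""
    return hashlib.pbkdf2_hmac("sha256", auth_info, salt, 100_000, dklen=32)

def _subkeys(key: bytes):
    # Separate encryption and MAC subkeys from one wrapping key (domain separation).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; plenty of output for short key material.
    blocks, ctr = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:length]

def wrap(key: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD such as AES-GCM (stdlib only)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered blob is rejected."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def provision_from_server(server: dict, third_storage_key: bytes, auth_info: bytes) -> dict:
    """Fig. 6 path: third storage key -> first authentication decryption key ->
    first role decryption key, then re-wrap the role key under a freshly derived
    first storage key. Only the salt and the wrapped key are kept on the device."""
    auth_dec_key = unwrap(third_storage_key, server["encrypted_auth_dec_key"])
    role_key = unwrap(auth_dec_key, server["initial_encrypted_role_key"])
    salt = os.urandom(16)
    return {"salt": salt, "encrypted_role_key": wrap(derive_storage_key(auth_info, salt), role_key)}

def get_target_key(local: dict, auth_info: bytes, encrypted_target_key: bytes) -> bytes:
    """Fig. 2 path: auth info + salt -> first storage key -> first role decryption
    key -> target key for the first role's asset. No plaintext key is ever stored."""
    storage_key = derive_storage_key(auth_info, local["salt"])
    role_key = unwrap(storage_key, local["encrypted_role_key"])
    return unwrap(role_key, encrypted_target_key)

# Constructed sample scenario (not values from the patent).
AUTH_INFO = b"constructed-non-public-auth-secret"  # first identity authentication info
THIRD_STORAGE_KEY = os.urandom(32)                  # bound to the first auth method
AUTH_DEC_KEY = os.urandom(32)                       # first authentication decryption key
ROLE_KEY = os.urandom(32)                           # first role decryption key
TARGET_KEY = os.urandom(32)                         # manages the first role's asset
SERVER = {"encrypted_auth_dec_key": wrap(THIRD_STORAGE_KEY, AUTH_DEC_KEY),
          "initial_encrypted_role_key": wrap(AUTH_DEC_KEY, ROLE_KEY)}
IDENTITY_STORE = {"encrypted_target_key": wrap(ROLE_KEY, TARGET_KEY)}  # stored in the digital identity
LOCAL = provision_from_server(SERVER, THIRD_STORAGE_KEY, AUTH_INFO)
```

Wrong authentication information derives a different storage key, so the tag check on the wrapped role key fails and the target key is never reached.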
Based on the key management apparatus provided by this embodiment of the application, the role key is bound locally to the identity authentication mode specified by the user and is encrypted in multiple layers, which optimizes the way role keys are stored and further improves the security of key management.
It should be understood that, for convenience and brevity of description, details of the apparatus 600, and the specific working scenarios, processes and effects of the modules and units therein, may refer to the corresponding contents of the foregoing method embodiment of fig. 3 and are not described in detail here.
Fig. 7 is a block diagram of an electronic device 700 provided in an exemplary embodiment of the present application. Referring to fig. 7, an electronic device 700 includes a processor 710, and memory resources, represented by memory 720, for storing computer instructions, such as application programs, that are executable by the processor 710. The application programs stored in memory 720 may include one or more modules that each correspond to a set of instructions. Further, the processor 710 is configured to execute instructions to perform the key management method described above.
The electronic device 700 may also include a power supply component configured to perform power management of the electronic device 700, a wired or wireless network interface configured to connect the electronic device 700 to a network, and an input-output (I/O) interface. The electronic device 700 may be operated based on an operating system stored in memory 720, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
A computer readable storage medium comprising computer instructions stored thereon. The computer instructions in the storage medium, when executed by a processor of the electronic device 700, enable the electronic device 700 to perform a key management method. The key management method comprises the following steps: after confirming that a user logs in the digital identity through a first identity authentication mode, obtaining a first role decryption key corresponding to a first role in at least one role of the digital identity; and decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain the target key, wherein the target key is used for managing the asset corresponding to the first role.
All the above optional technical solutions can be combined arbitrarily to form optional embodiments of the present application, and are not described herein again.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative: the division into modules and units is only one logical division, and other divisions are possible in an actual implementation, such as combining or integrating a plurality of modules or units into another system, or omitting or not executing some features. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in the description of the present application, the terms "first", "second", "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present application, "a plurality" means two or more unless otherwise specified.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modifications, equivalents and the like that are within the spirit and principle of the present application should be included in the scope of the present application.

Claims (10)

1. A key management method, comprising:
after confirming that a user logs in a digital identity through a first identity authentication mode, obtaining a first role decryption key corresponding to a first role in at least one role of the digital identity;
and decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain a target key, wherein the target key is used for managing the asset corresponding to the first role.
2. The key management method of claim 1, wherein the first identity authentication mode is one of at least one identity authentication mode authorized to log in the digital identity, and the at least one identity authentication mode includes at least one of a third-party platform account, a terminal system account, a mobile phone number account, an identity authentication chip, a digital certificate, a private storage space account, a key, a password, and a human body biometric feature held by the user.
3. The key management method of claim 1, wherein the first identity authentication means corresponds to a plurality of digital identities.
4. The key management method of claim 1, wherein different ones of the at least one role correspond to different assets, the digital identity comprises a plurality of permission levels, each permission level of the plurality of permission levels having permission to manage the asset to which the at least one role of the plurality of roles corresponds;
the first identity authentication mode corresponds to a first authority level in the plurality of authority levels, and the first authority level has authority for managing the assets corresponding to the first role.
5. The key management method of claim 1, wherein the digital identity corresponds to a natural person, a virtual identity, or an organization.
6. The key management method according to any one of claims 1 to 5, wherein the obtaining a first role decryption key corresponding to a first role of the at least one role of the digital identity comprises:
acquiring first identity authentication information in the first identity authentication mode, wherein the first identity authentication information is non-public information;
calculating the first storage key from the first identity authentication information;
and acquiring the encrypted first role decryption key from the local, and decrypting the encrypted first role decryption key based on the first storage key to obtain the first role decryption key.
7. The key management method of claim 6, wherein prior to obtaining the first role decryption key, the method further comprises:
acquiring an initial encrypted first role decryption key from a server side;
acquiring a first authentication decryption key, and decrypting the initial encrypted first role decryption key by using the first authentication decryption key to obtain the first role decryption key, wherein the first authentication decryption key corresponds to the first identity authentication mode;
and generating the first storage key, and encrypting the first role decryption key by using the first storage key to obtain the encrypted first role decryption key and store the encrypted first role decryption key locally.
8. A key management apparatus, characterized by comprising:
the key acquisition module is used for acquiring a first role decryption key corresponding to a first role in at least one role of the digital identity when a user is confirmed to log in the digital identity through a first identity authentication mode;
and the decryption module is used for decrypting the encrypted target key stored in the digital identity based on the first role decryption key to obtain a target key, wherein the target key is used for managing the asset corresponding to the first role.
9. An electronic device, comprising:
a processor;
a memory including computer instructions stored thereon that, when executed by the processor, cause the processor to perform the key management method of any of claims 1 to 7.
10. A computer readable storage medium comprising computer instructions stored thereon, which when executed by a processor, cause the processor to perform the key management method of any of claims 1 to 7.
CN202010897547.1A 2020-08-31 2020-08-31 Key management method and device Pending CN112039665A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202010897547.1A CN112039665A (en) 2020-08-31 2020-08-31 Key management method and device
PCT/CN2021/115722 WO2022042745A1 (en) 2020-08-31 2021-08-31 Key management method and apparatus
US18/175,886 US20230208637A1 (en) 2020-08-31 2023-02-28 Key management method and apparatus

Publications (1)

Publication Number Publication Date
CN112039665A true CN112039665A (en) 2020-12-04

Family

ID=73586423

Country Status (1)

Country Link
CN (1) CN112039665A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination