CN113032815A - Key combination calculation management method, device and equipment - Google Patents

Publication number
CN113032815A
Authority
CN
China
Prior art keywords
key
management entity
key management
temporary
ecc
Prior art date
Legal status
Granted
Application number
CN202110539660.7A
Other languages
Chinese (zh)
Other versions
CN113032815B (en
Inventor
王滨
陈思
韩忠昕
张君
黄杰
Current Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202110539660.7A
Publication of CN113032815A
Application granted
Publication of CN113032815B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption

Abstract

The application provides a key combination calculation management method, device and equipment. The method comprises the following steps: the client generates a temporary public key based on a random number, a base point and all ECC public keys, encrypts a randomly generated symmetric key based on the temporary public key to obtain a ciphertext of the symmetric key, and generates a character string based on the base point and the random number; the client sends a data request to the server, wherein the data request comprises the ciphertext and the character string; the server sends the character string to a first key management entity, and the first key management entity generates a temporary sub-key based on the character string and its ECC private key; the last key management entity generates a temporary private key corresponding to the temporary public key based on the temporary sub-key sent by the previous key management entity and its own ECC private key; and the server decrypts the ciphertext based on the temporary private key to obtain the symmetric key, and encrypts the target data based on the symmetric key to obtain encrypted data. This technical scheme improves the security level and protects the ECC private keys.

Description

Key combination calculation management method, device and equipment
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method, an apparatus, and a device for computing and managing a key combination.
Background
An asymmetric encryption algorithm is a key-based security method that requires two keys, a public key and a private key, which form a pair: if data is encrypted with the public key, the corresponding private key is needed to decrypt it. Since encryption and decryption use two different keys, such an algorithm is referred to as an asymmetric encryption algorithm.
The basic process of data exchange with an asymmetric encryption algorithm is as follows: the first party generates a key pair (a public key and a private key) and publishes the public key; the second party obtains the public key, encrypts data with it and sends the encrypted data to the first party; and the first party decrypts the encrypted data with the private key. In the other direction, the first party signs data with the private key and sends the data to the second party, and the second party verifies the signature with the public key.
In a key management system, data exchange is usually realized by using an asymmetric encryption algorithm, after a public key and a private key are generated by a first party, the public key and the private key are not changed any more, and all data exchange processes between the first party and a second party use the public key and the private key for encryption and decryption. However, once the private key is leaked, security of all data exchange processes is reduced due to the leakage of the private key, and security of data exchange cannot be guaranteed.
Disclosure of Invention
The application provides a key combination calculation management method. A server comprises at least two key management entities connected in sequence; each key management entity independently manages an elliptic curve cryptography (ECC) key pair comprising an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The method comprises the following steps:
the client generates a temporary public key P based on a random number r, a base point G on the elliptic curve and the ECC public keys of all key management entities, encrypts a randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generates a character string R based on the base point G and the random number r;
the client sends a data request to the server, wherein the data request comprises the ciphertext c and the character string R;
the server sends the character string R to the first key management entity, which generates a temporary sub-key based on the character string R and its own ECC private key and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends that temporary sub-key to the next key management entity; the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key;
and the server decrypts the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypts target data based on the symmetric key k to obtain encrypted data, and sends a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
Illustratively, the client generates the temporary public key P by using the following formula: P = H(r·pk1)·G + z;
the client generates the character string R by using the following formula: R = r·G;
the first key management entity generates a temporary sub-key v1 by using the following formula: v1 = H(R·s1);
each key management entity other than the first and the last generates a temporary sub-key based on the sum of the temporary sub-key sent by the previous key management entity and its own ECC private key; the last key management entity generates the temporary private key v based on the sum of the temporary sub-key sent by the previous key management entity and its own ECC private key;
where H denotes serializing points on the elliptic curve into a bit string, pk1 denotes the ECC public key of the first key management entity, z denotes the sum of the ECC public keys of all key management entities except the first key management entity, and s1 denotes the ECC private key of the first key management entity;
· represents the point multiplication operation on the elliptic curve, and + represents the point addition operation on the elliptic curve.
Illustratively, the client manages a device private key and a device public key, and the first key management entity stores the device public key, the method further includes: the client signs the ciphertext c and the character string R based on the device private key to obtain a first signature value, and the data request further comprises the first signature value; the server side also sends the first signature value to a first key management entity; the first key management entity conducts signature verification operation based on the device public key and the first signature value; and if the signature passes the verification, executing the operation of generating a temporary sub-key based on the character string R and the ECC private key of the key management entity.
Illustratively, after the server encrypts the target data based on the symmetric key k to obtain encrypted data, the method further includes: the server signs the encrypted data based on the temporary private key v to obtain a second signature value, and the data response further comprises the second signature value;
after receiving the data response, the client performs signature verification operation based on the temporary public key P and the second signature value; and if the signature verification passes, decrypting the encrypted data based on the symmetric key k to obtain the target data.
In a possible implementation manner, for a plurality of data requests to be sent, a symmetric key k is randomly generated for each data request, and the symmetric keys k corresponding to different data requests are different; randomly generating a random number r for each data request, wherein the random numbers r corresponding to different data requests are different; and generating a temporary public key P for each data request, wherein the temporary public keys P corresponding to different data requests are different.
Illustratively, the at least two key management entities are deployed on the same physical device or different physical devices; each key management entity stores the ECC key pair of the key management entity through a specified storage medium, and the storage areas of different key management entities for storing the ECC key pair of the key management entity are different.
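The following added example (not part of the patent text or the applicant's implementation) runs the formulas for P, R, v1 and the summation chain end to end and checks that the chained value v satisfies v·G = P, that k is recovered only when every entity takes part, and that each request gets a fresh P. Assumptions: the secp256k1 curve, SHA-256 over the serialized point as H, a hashed-ElGamal XOR wrap standing in for the unspecified encryption of k, and all function and class names, which are illustrative.

```python
import hashlib
import secrets

# secp256k1 domain parameters. The curve is an assumption; the page only says "ECC".
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def add(p, q):
    """Point addition, the '+' of the page's formulas."""
    if p is INF or q is INF:
        return q if p is INF else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return INF
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, p):
    """Scalar multiplication, the '·' of the page's formulas (not constant-time)."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def ser(point):
    """Serialize a point as x || y, 32 bytes each."""
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")

def H(point):
    """Assumed H: SHA-256 of the serialized point, reduced to a scalar mod n."""
    return int.from_bytes(hashlib.sha256(ser(point)).digest(), "big") % N

def xor_pad(point, data):
    """Stand-in cipher for the 32-byte key k: XOR with a hash of a shared point."""
    pad = hashlib.sha256(b"wrap" + ser(point)).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class KeyManagementEntity:
    """Holds one ECC key pair; the private key is only used inside the object."""
    def __init__(self):
        self._s = secrets.randbelow(N - 1) + 1
        self.pk = mul(self._s, G)
    def first(self, R):          # v1 = H(R·s1)
        return H(mul(self._s, R))
    def combine(self, v_prev):   # v_i = v_(i-1) + s_i (mod n)
        return (v_prev + self._s) % N

def client_request(pks, k):
    """Fresh r per request: P = H(r·pk1)·G + z, R = r·G, c = Enc_P(k)."""
    r = secrets.randbelow(N - 1) + 1
    z = INF
    for pk in pks[1:]:
        z = add(z, pk)
    P = add(mul(H(mul(r, pks[0])), G), z)
    R = mul(r, G)
    e = secrets.randbelow(N - 1) + 1           # hashed-ElGamal wrap of k under P
    c = (mul(e, G), xor_pad(mul(e, P), k))
    return P, R, c

def derive_v(entities, R):
    """Pass the sub-key down the chain; the last entity's output is v."""
    v = entities[0].first(R)
    for entity in entities[1:]:
        v = entity.combine(v)
    return v

def unwrap(v, c):
    """Server side: recover k from c with the temporary private key v."""
    return xor_pad(mul(v, c[0]), c[1])

def demo(n_entities=3):
    """Run one exchange plus a second request and report the properties checked."""
    kmes = [KeyManagementEntity() for _ in range(n_entities)]
    pks = [e.pk for e in kmes]
    k = secrets.token_bytes(32)
    P, R, c = client_request(pks, k)
    v = derive_v(kmes, R)
    P2, _, c2 = client_request(pks, k)         # second request, new r
    return {
        "v_matches_P": mul(v, G) == P,
        "k_recovered": unwrap(v, c) == k,
        "chain_missing_one_entity_fails": unwrap(derive_v(kmes[:-1], R), c) != k,
        "P_differs_per_request": P2 != P,
        "old_v_cannot_open_new_request": unwrap(v, c2) != k,
    }
```

Calling `demo()` returns a dictionary in which every property is `True`; the identity behind `v_matches_P` is v·G = H(R·s1)·G + (s2 + … + sn)·G = H(r·pk1)·G + z = P.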
The application provides a key combination calculation management method. A server comprises at least two key management entities connected in sequence; each key management entity independently manages an elliptic curve cryptography (ECC) key pair comprising an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The method is applied to the server and comprises the following steps:
receiving a data request sent by a client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
sending the character string R to the first key management entity, which generates a temporary sub-key based on the character string R and its own ECC private key and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends that temporary sub-key to the next key management entity; the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key;
decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypting target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
The application provides a key combination calculation management method. A server comprises at least two key management entities connected in sequence; each key management entity independently manages an elliptic curve cryptography (ECC) key pair comprising an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The method is applied to the client and comprises the following steps:
generating a temporary public key P based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, encrypting a randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generating a character string R based on the base point G and the random number r;
sending a data request to the server, wherein the data request comprises the ciphertext c and the character string R, so that the first key management entity of the server generates a temporary sub-key based on the character string R and its own ECC private key and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends that temporary sub-key to the next key management entity; and the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key;
receiving a data response sent by the server, wherein the data response comprises encrypted data; the encrypted data is obtained by the server side decrypting a ciphertext c based on the temporary private key v to obtain a symmetric key k and encrypting target data based on the symmetric key k;
and decrypting the encrypted data based on the symmetric key k to obtain the target data.
The application provides a key combination calculation management device. A server comprises at least two key management entities connected in sequence; each key management entity independently manages an elliptic curve cryptography (ECC) key pair comprising an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The device is applied to the server and comprises:
the receiving module, which is used for receiving a data request sent by the client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
the processing module, which is used for sending the character string R to the first key management entity, so that the first key management entity generates a temporary sub-key based on the character string R and its own ECC private key and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends that temporary sub-key to the next key management entity; and the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key;
the decryption module is used for decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, and encrypting the target data based on the symmetric key k to obtain encrypted data;
and the sending module is used for sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
The application provides server equipment. The server equipment comprises at least two key management entities connected in sequence; each key management entity independently manages an elliptic curve cryptography (ECC) key pair comprising an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The server equipment comprises a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor; the processor is configured to execute the machine-executable instructions to perform the steps of:
receiving a data request sent by a client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
sending the character string R to the first key management entity, which generates a temporary sub-key based on the character string R and its own ECC private key and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends that temporary sub-key to the next key management entity; the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key;
decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypting target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
As can be seen from the above technical solutions, in the embodiment of the present application, the server may include at least two key management entities, and each key management entity separately manages an ECC (Elliptic Curve Cryptography) key pair that includes an ECC private key and an ECC public key. That is, each key management entity possesses one ECC private key and stores it independently, and the decryption process can be completed only with the ECC private keys managed by all the key management entities, so that the security level is improved and the security of the ECC private keys is ensured. For example, even if the ECC private keys managed by one or more key management entities are leaked, as long as not all of the ECC private keys managed by the key management entities are leaked, an attacker cannot know all the ECC private keys and cannot decrypt data. The security of the data decryption process is thus ensured, that is, the security of data exchange can still be effectively ensured when a private key is leaked. Moreover, for each data exchange process, the client separately generates the temporary public key P based on the ECC public keys managed by all the key management entities, and the server separately generates the temporary private key v corresponding to the temporary public key P. The temporary public key P and the temporary private key v are therefore valid for only one data exchange process, and leakage of the temporary private key v of one data exchange process does not affect the decryption of other data exchange processes. Even if an attacker learns a temporary private key v, the attacker can decrypt only that one data exchange process and cannot use the temporary private key v to decrypt other data exchange processes, which improves the security level and ensures the security of data exchange.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present application.
FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 2 is a flow diagram of a method for key combination calculation management in one embodiment of the present application;
FIG. 3 is a flow diagram of a method for key combination calculation management in one embodiment of the present application;
FIG. 4 is a flow diagram of a method for key combination calculation management in one embodiment of the present application;
FIG. 5 is a flow diagram of a method for key combination calculation management in one embodiment of the present application;
FIG. 6 is a block diagram of a key combination calculation management apparatus according to an embodiment of the present application;
FIG. 7 is a block diagram of a server device according to an embodiment of the present application.
Detailed Description
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at the time of ..." or "when ..." or "in response to a determination".
In a key management system, data exchange is usually implemented by using an asymmetric encryption algorithm, two parties that need to implement data exchange are called a client and a server, the client needs to access target data of the server (i.e., service data or application data provided by the server), and the server can send the target data to the client.
The client may be any type of electronic device, such as a terminal device, a Personal Computer (PC), a notebook Computer, and the like, and the server may be any type of electronic device, such as a terminal device, a PC, a notebook Computer, a server, and the like, without limitation to the types of the client and the server.
In the data exchange process of the client and the server, the server generates a pair of keys, namely a public key and a private key, and discloses the public key, the client acquires the public key, and the client and the server use the public key and the private key to realize encryption and decryption. After the server generates the public key and the private key, the public key and the private key are not changed any more, and all data exchange processes between the client and the server use the public key and the private key for encryption and decryption.
Obviously, once the private key of the server is leaked, the security of all data exchange processes between the client and the server is reduced due to the leakage of the private key, and the security of data exchange cannot be ensured.
In view of the above finding, in the embodiment of the present application, the server includes at least two key management entities, each key management entity separately manages a private key and a public key, and decryption can be completed only with the private keys of all the key management entities. Even if the private keys of one or more key management entities are leaked, as long as not all of the private keys of the key management entities are leaked, an attacker cannot decrypt data, so that the security of the private keys and of data exchange can be effectively ensured. For each data exchange process, the client independently generates a temporary public key P based on the public keys of all key management entities, and the server independently generates the temporary private key v corresponding to the temporary public key P. Leakage of the temporary private key v of one data exchange process does not affect the decryption of other data exchange processes, so the security of data exchange can be effectively guaranteed.
In the embodiment of the present application, the public key and the private key may be public keys and private keys of an asymmetric encryption algorithm, such as RSA public keys and RSA private keys, or ECC public keys and ECC private keys, or may be other types of public keys and private keys, and the types of the public keys and the private keys are not limited, as long as they are the public keys and the private keys of the asymmetric encryption algorithm. For convenience of description, in the following embodiments, the ECC public key and the ECC private key are taken as examples, and implementation processes of other types of public keys and private keys are similar, and are not described again in this embodiment.
In this embodiment, the server includes at least two key management entities, and the key management entities are connected in sequence, that is, the first key management entity is connected to the second key management entity, the second key management entity is connected to the third key management entity, and so on, the penultimate key management entity is connected to the last key management entity. Of course, besides the above-mentioned sequential connection relationship, there may be other connection relationships between the key management entities, for example, the first key management entity is connected to the third key management entity, the first key management entity is connected to the last key management entity, and the like, which is not limited to this. For convenience of description, in the following embodiments, the key management entities are connected in order as an example.
Referring to fig. 1, which is a schematic view of an application scenario of the embodiment of the present application, the number of the clients 10 may be at least one, and these clients 10 are denoted as a client 10-1, a client 10-2, …, and a client 10-m, that is, m clients 10 are taken as an example for description. Since the processing procedure of each client 10 is the same, for convenience of description, the processing procedure of one client 10 is taken as an example in the subsequent embodiment.
The server 20 includes at least two key management entities 21, and referring to FIG. 1, the key management entities 21 are denoted as a key management entity 21-1, a key management entity 21-2, a key management entity 21-3, …, and a key management entity 21-n, that is, n key management entities 21 are taken as an example for illustration.
Referring to FIG. 1, the key management entity 21-1 is connected to the key management entity 21-2, the key management entity 21-2 is connected to the key management entity 21-3, …, and the key management entity 21-(n-1) is connected to the key management entity 21-n. Clearly, the key management entity 21-1 is the first key management entity and the key management entity 21-n is the last key management entity; the key management entity 21-1 is the previous key management entity of the key management entity 21-2, the key management entity 21-2 is the next key management entity of the key management entity 21-1, the key management entity 21-2 is the previous key management entity of the key management entity 21-3, the key management entity 21-3 is the next key management entity of the key management entity 21-2, and so on.
In the embodiment of the application, each key management entity independently manages an ECC key pair consisting of an ECC private key and an ECC public key. Separate management of ECC key pairs by each key management entity may mean the following: each key management entity separately obtains an ECC key pair (which may be generated by the key management entity itself, or may be generated by the server 21 and then issued to the key management entity), and one key management entity cannot acquire the ECC key pair of another key management entity. Each key management entity stores its ECC key pair separately, and one key management entity does not store the ECC key pair of another key management entity. Each key management entity uses its ECC key pair separately, and one key management entity cannot use the ECC key pair of another key management entity.
For example, the key management entity 21-1 manages an ECC key pair 1, the ECC key pair 1 includes pk1 and s1, pk1 is the ECC public key of the key management entity 21-1, and s1 is the ECC private key of the key management entity 21-1. The key management entity 21-2 manages the ECC key pair 2, the ECC key pair 2 including pk2 and s2, pk2 being an ECC public key of the key management entity 21-2, and s2 being an ECC private key of the key management entity 21-2. By analogy, the key management entity 21-n manages an ECC key pair n, the ECC key pair n includes pkn and sn, pkn is the ECC public key of the key management entity 21-n, and sn is the ECC private key of the key management entity 21-n.
In the embodiment of the present application, the client 10 stores the ECC public keys of all the key management entities, for example, the client 10 stores the ECC public key of the key management entity 21-1 (i.e., pk1), the ECC public key of the key management entity 21-2 (i.e., pk2), …, and the ECC public key of the key management entity 21-n (i.e., pkn).
In this embodiment of the present application, for all key management entities, the key management entities may be functional modules, which are deployed in existing physical devices, and the key management entities may also be independent devices, that is, each key management entity is an independent device. When the key management entities are deployed on the existing physical devices, the key management entities can be deployed on the same physical device or different physical devices. For example, the server may be implemented by one physical device, and all key management entities may be deployed on the physical device. Or, the server may be implemented by multiple physical devices, and all the key management entities may be deployed in the same physical device, or may be deployed in different physical devices, without limitation to the deployment relationship.
For example, for each key management entity, the ECC key pair of the key management entity may be stored by a specified storage medium (which may be any type of storage medium, such as a magnetic disk, a volatile memory, a non-volatile memory, a solid state disk, and the like, without limitation to the type of the storage medium), and storage areas for storing the ECC key pair of the key management entity of different key management entities are different.
For example, the key management entity 21-1 uses the storage area 1 to store the ECC key pair 1 of the key management entity 21-1, the key management entity 21-2 uses the storage area 2 to store the ECC key pair 2, … of the key management entity 21-2, and the key management entity 21-n uses the storage area n to store the ECC key pair n of the key management entity 21-n. Obviously, the storage area 1, the storage area 2 …, and the storage area n may be different storage areas of a specified storage medium, and these storage areas may be located in the same physical device or in different physical devices, which is not limited to this, as long as these storage areas are different storage areas.
The ECC key pairs of different key management entities are stored in different storage areas, so that the ECC key pairs of different key management entities are isolated on the storage areas, and the key management entities can only access the ECC key pairs of the storage areas of the key management entities and cannot access the ECC key pairs of the storage areas of other key management entities.
In the above application scenario, an embodiment of the present application provides a key combination calculation management method, where a server includes at least two key management entities, the key management entities are connected in sequence, each key management entity separately manages an ECC key pair (an ECC private key and an ECC public key), and a client stores ECC public keys of all the key management entities, where, referring to fig. 2, the method is a flowchart of the method, and the method includes:
Step 201, the client generates a temporary public key P based on the random number r, the base point G on the elliptic curve and the ECC public keys of all the key management entities, encrypts the randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generates a character string R based on the base point G and the random number r.
For example, when the client needs to request the target data from the server, the client may randomly generate a random number r, that is, the client randomly generates a numerical value as the random number r, and the generation manner of the random number r is not limited. And the client can also randomly generate a symmetric key k, namely, the client randomly generates a key as the symmetric key k, and the generation mode of the symmetric key k is not limited.
For example, both the client and the server may obtain an elliptic curve (that is, when ECC is used as the asymmetric encryption algorithm, the structure of the elliptic curve may be agreed), and may select a certain point on the elliptic curve as the base point G, and both the client and the server may obtain which point on the elliptic curve is used as the base point G.
Illustratively, the client may also store the ECC public keys of all the key management entities, for example, the client stores the ECC public key of the key management entity 21-1 (i.e., pk1), the ECC public key of the key management entity 21-2 (i.e., pk2), …, and the ECC public key of the key management entity 21-n (i.e., pkn).
In one possible implementation, knowing the random number r, the base point G on the elliptic curve, and the ECC public keys of all the key management entities, the client may generate the temporary public key P based on the random number r, the base point G, and the ECC public keys of all the key management entities, for example, using the following formula (1):
$$P = H(r \times pk_1) \cdot G + z \qquad \text{formula (1)}$$
In formula (1), r represents the random number; pk1 represents the ECC public key of the first key management entity, such as the ECC public key of the key management entity 21-1; G denotes the base point on the elliptic curve; z denotes the sum of the ECC public keys of all key management entities except the first key management entity, i.e., the sum of the ECC public key pk2 of the key management entity 21-2, the ECC public key pk3 of the key management entity 21-3, …, and the ECC public key pkn of the key management entity 21-n; + denotes a point addition operation on the elliptic curve; and H is a pre-configured serialization function whose input data is a point on the elliptic curve and whose output data is a bit string, that is, H serializes the point r × pk1 on the elliptic curve into a bit string.
Obviously, the client may also generate the temporary public key P by using the following formula (2):
$$P = H(r \times pk_1) \cdot G + pk_2 + pk_3 + \dots + pk_n \qquad \text{formula (2)}$$
In a possible implementation manner, knowing the temporary public key P and the symmetric key k, the client may encrypt the symmetric key k based on the temporary public key P to obtain the ciphertext c of the symmetric key k, and the encryption process is not limited as long as the temporary public key P can be used to encrypt the symmetric key k.
In one possible implementation, knowing the base point G and the random number r, the client may generate the character string R based on the base point G and the random number r, for example, by using the following formula (3):
$$R = r \cdot G \qquad \text{formula (3)}$$
In formula (3), r denotes the random number, G denotes the base point on the elliptic curve, and · denotes a point multiplication operation on the elliptic curve.
Step 202, the client sends a data request to the server, wherein the data request comprises a ciphertext c and a character string R.
For example, the client may splice the ciphertext c and the character string R to obtain a character string R || c, where || represents character string splicing. When the client sends a data request to the server, the data request may include the character string R || c, that is, the data request includes the ciphertext c and the character string R, and the data request is used to request target data of the server.
Step 203, the server sends the character string R to the first key management entity, and the first key management entity generates a temporary sub-key based on the character string R and the ECC private key of the key management entity, and sends the temporary sub-key to the next key management entity. Each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity, and sends the temporary sub-key to the next key management entity. The last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity.
For example, after receiving a data request, the server parses a ciphertext c and a character string R from the data request, for example, parses a character string R || c from the data request, and splits the character string R || c into the ciphertext c and the character string R. The server may then send the character string R to the first key management entity, i.e., the key management entity 21-1. The key management entity 21-1 generates a temporary subkey v1 based on the character string R and the ECC private key of the key management entity 21-1, and sends the temporary subkey v1 to the next key management entity connected to the key management entity 21-1, i.e., the key management entity 21-2. For the key management entity 21-1, the temporary subkey v1 may be generated using the following formula: v1 = H(R·s1). In the above formula, H denotes serializing a point on the elliptic curve into a bit string, R denotes the character string R in the data request, s1 denotes the ECC private key of the key management entity 21-1, and · denotes a point multiplication operation on the elliptic curve.
For the key management entity 21-2 connected to the key management entity 21-1, after receiving the temporary subkey v1, the key management entity 21-2 generates a temporary subkey v2 based on the temporary subkey v1 and the ECC private key of the key management entity 21-2, and sends the temporary subkey v2 to the next key management entity connected to the key management entity 21-2, i.e., the key management entity 21-3. For the key management entity 21-2, the temporary subkey v2 may be generated using the following formula: v2 = v1 + s2. In the above formula, + denotes a point addition operation on the elliptic curve, and s2 denotes the ECC private key of the key management entity 21-2.
For the key management entity 21-3 connected to the key management entity 21-2, after receiving the temporary subkey v2, the key management entity 21-3 may generate a temporary subkey v3 based on the temporary subkey v2 and the ECC private key (i.e., s3) of the key management entity 21-3, and send the temporary subkey v3 to the next key management entity connected to the key management entity 21-3, i.e., the key management entity 21-4. For the key management entity 21-3, the temporary subkey v3 may be generated using the following formula: v3 = v2 + s3.
By analogy, for each key management entity except the key management entity 21-1 and the key management entity 21-n, a temporary sub-key is generated based on the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity, that is, a temporary sub-key is generated based on the sum of the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity, that is, the sum of the temporary sub-key and the ECC private key is used as the temporary sub-key, and the temporary sub-key is sent to the next key management entity connected with the key management entity.
For the key management entity 21-n (i.e., the last key management entity) connected to the key management entity 21-(n-1), after receiving the temporary subkey v(n-1), the key management entity 21-n may generate a temporary subkey vn based on the temporary subkey v(n-1) and the ECC private key (i.e., sn) of the key management entity 21-n, and the temporary subkey vn is the temporary private key v corresponding to the temporary public key P. For example, the key management entity 21-n may generate the temporary private key v corresponding to the temporary public key P based on the sum of the temporary subkey v(n-1) sent by the key management entity 21-(n-1) and the ECC private key sn of the key management entity 21-n, that is, the sum of the two is used as the temporary private key v. For the key management entity 21-n, the temporary subkey vn may be generated using the following formula: vn = v(n-1) + sn, and the temporary subkey vn is the temporary private key v corresponding to the temporary public key P.
Illustratively, the temporary private key v (i.e., the temporary subkey vn) corresponding to the temporary public key P means:
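$$\begin{aligned}
v_n &= v_{n-1} + s_n = v_{n-2} + s_{n-1} + s_n = v_{n-3} + s_{n-2} + s_{n-1} + s_n = \dots \\
&= v_1 + s_2 + s_3 + \dots + s_{n-2} + s_{n-1} + s_n \\
&= H(R \cdot s_1) + s_2 + s_3 + \dots + s_{n-2} + s_{n-1} + s_n
\end{aligned}$$
and, as shown in formula (2),
$$\begin{aligned}
P &= H(r \times pk_1) \cdot G + pk_2 + pk_3 + \dots + pk_n \\
&= H(r \times s_1 \cdot G) \cdot G + s_2 \cdot G + s_3 \cdot G + \dots + s_n \cdot G \\
&= H(r \times G \cdot s_1) \cdot G + s_2 \cdot G + s_3 \cdot G + \dots + s_n \cdot G \\
&= H(R \cdot s_1) \cdot G + s_2 \cdot G + s_3 \cdot G + \dots + s_n \cdot G \\
&= [H(R \cdot s_1) + s_2 + s_3 + \dots + s_n] \cdot G.
\end{aligned}$$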
As can be seen from the above expression of the temporary private key v and the expression of the temporary public key P, the temporary public key P equals v·G, i.e., the temporary private key v (the temporary subkey vn) corresponds to the temporary public key P.
Step 204, the server decrypts the ciphertext c based on the temporary private key v to obtain a symmetric key k, and encrypts the target data based on the symmetric key k to obtain encrypted data.
For example, the client may encrypt the symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and the temporary private key v and the temporary public key P form a set of asymmetric keys, so that the server may decrypt the ciphertext c using the temporary private key v to obtain the symmetric key k.
Illustratively, regarding a data request sent by a client to a server, the data request is used for requesting target data of the server, so that the server may query the target data matching the data request and encrypt the target data by using the symmetric key k to obtain encrypted data.
In a possible implementation manner, the server may send the ciphertext c and the target data to the key management entity 21-n (i.e., the last key management entity), and the key management entity 21-n decrypts the ciphertext c based on the temporary private key v to obtain a symmetric key k, and encrypts the target data based on the symmetric key k.
Step 205, the server sends a data response to the client, where the data response includes the encrypted data.
Step 206, after receiving the data response, the client decrypts the encrypted data based on the symmetric key k to obtain the target data. For example, the client parses the encrypted data from the data response, and decrypts the encrypted data based on the symmetric key k to obtain the target data.
For example, since the server encrypts the target data by using the symmetric key k to obtain the encrypted data, the client may decrypt the encrypted data by using the symmetric key k (i.e., the symmetric key k randomly generated by the client and the symmetric key k may be stored by the client) to obtain the target data.
In a possible implementation manner, a client may request multiple target data of a server, that is, the client needs to send multiple data requests (each data request is understood as a session) to the server, and for the multiple data requests to be sent, the client randomly generates a symmetric key k for each data request, and the symmetric keys k corresponding to different data requests are different or the same. And the client randomly generates a random number r for each data request, and the random numbers r corresponding to different data requests are different or the same. And the client generates a temporary public key P for each data request, and the temporary public keys P corresponding to different data requests are different or the same, because the random numbers r used for generating the temporary public keys P are different, the base points G are the same, and the ECC public keys of all the key management entities are the same, the temporary public keys P corresponding to different data requests can be different.
For each data request to be sent, based on steps 201-206, the client sends the data request to the server, and the server returns target data corresponding to the data request to the client.
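The key derivation of steps 201 to 204, as an added example that is not part of the patent text: a client and a chain of n key management entities, with a check that the chained private key v satisfies v·G = P and that a chain missing one entity does not. Assumptions not fixed by the page: the curve (secp256k1), H taken as the x||y serialization read as an integer modulo the group order, the "+" on sub-keys taken as scalar addition modulo the group order, a hashed-ElGamal style encryption of k under P, and all function and class names.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the page only says "ECC").
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):
    """Scalar multiplication by double-and-add (illustrative, not constant time)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def H(pt):
    """Serialize a point as x||y and read the bit string as a scalar mod N (assumed)."""
    x, y = pt
    return int.from_bytes(x.to_bytes(32, "big") + y.to_bytes(32, "big"), "big") % N

def _pad(shared):
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()

def encrypt(P, k):
    """Assumed scheme for 'encrypt k based on P': hashed ElGamal, 32-byte k."""
    e = secrets.randbelow(N - 1) + 1
    return mul(e, G), bytes(a ^ b for a, b in zip(k, _pad(mul(e, P))))

def decrypt(v, c):
    c1, body = c
    return bytes(a ^ b for a, b in zip(body, _pad(mul(v, c1))))

class KME:
    """One key management entity; its private key s is used only inside it."""
    def __init__(self):
        self.s = secrets.randbelow(N - 1) + 1
        self.pk = mul(self.s, G)

    def first(self, R):
        return H(mul(self.s, R))          # v1 = H(R·s1)

    def next(self, v_prev):
        return (v_prev + self.s) % N      # vi = v(i-1) + si

def client_request(pks, k):
    """Step 201: formulas (2) and (3), then encrypt k under P."""
    r = secrets.randbelow(N - 1) + 1
    P = mul(H(mul(r, pks[0])), G)         # H(r × pk1)·G
    for pk in pks[1:]:
        P = add(P, pk)                    # + pk2 + ... + pkn
    R = mul(r, G)                         # R = r·G
    return P, R, encrypt(P, k)

def derive_v(chain, R):
    """Step 203: pass the temporary sub-key along the chain."""
    v = chain[0].first(R)
    for kme in chain[1:]:
        v = kme.next(v)
    return v

def demo(n=3):
    chain = [KME() for _ in range(n)]
    k = secrets.token_bytes(32)           # constructed sample symmetric key
    P, R, c = client_request([e.pk for e in chain], k)
    v = derive_v(chain, R)
    partial = derive_v(chain[:-1], R)     # last entity's private key withheld
    return {"match": mul(v, G) == P, "k_ok": decrypt(v, c) == k,
            "partial_match": mul(partial, G) == P,
            "partial_k_ok": decrypt(partial, c) == k}

if __name__ == "__main__":
    print(demo())
```

The assumed encryption carries no integrity protection of its own; in the page's scheme the request and response signatures described later would provide authentication.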
In one possible implementation, the client manages a device private key (also referred to as a signature private key) and a device public key (also referred to as a signature public key), and the first key management entity of the server stores the device public key. For example, the client generates a device private key and a device public key, registers the device public key to the server, and a first key management entity of the server stores the device public key for subsequent identity authentication.
Based on this, in step 201, the client may further sign the ciphertext c and the character string R based on the device private key to obtain a first signature value, for example, the client may sign the character string R | | c based on the device private key to obtain the first signature value, and the signature manner is not limited. In step 202, when the client sends a data request to the server, the data request may further include the first signature value.
In step 203, the server may send the first signature value to a first key management entity, and the first key management entity performs signature verification operation based on the device public key and the first signature value. And if the signature passes the verification, the first key management entity executes the operation of generating the temporary sub-key based on the character string R and the ECC private key of the key management entity. If the verification is not passed, the data request is not legal, the first key management entity prohibits execution of the operation of generating the temporary sub-key based on the character string R and the ECC private key of the key management entity, and the sending process of the target data is ended, namely, the server side cannot return the target data to the client side.
For example, the server may send a data request to the first key management entity, where the data request may include the contents of the ciphertext c, the character string R, the first signature value, and the like. The first key management entity can perform signature verification operation based on the device public key and the first signature value, and the signature verification process is not limited. If the signature verification passes, the data request is legal, and the return process of the target data is executed, that is, the target data is sent to the client through steps 203 to 206. If the verification is not passed, the data request is not legal, and the return flow of the target data is not executed, namely, the server side does not return the target data to the client side.
In a possible implementation manner, after the server encrypts the target data based on the symmetric key k to obtain the encrypted data, the server may further sign the encrypted data based on the temporary private key v to obtain a second signature value, and the data response may further include the second signature value. After receiving the data response, the client terminal can perform signature verification operation based on the temporary public key P and the second signature value; and if the signature passes the verification, decrypting the encrypted data based on the symmetric key k to obtain the target data.
For example, in step 204, the server may further sign the encrypted data based on the temporary private key v to obtain a second signature value, and the signing manner is not limited. In step 205, when the server sends the data response to the client, the data response may further include a second signature value. In step 206, the client may perform a signature verification operation based on the temporary public key P and the second signature value, without limitation to the signature verification process. If the verification passes, the data response is legal, and the client decrypts the encrypted data in the data response based on the symmetric key k to obtain the target data. If the verification is not passed, the data response is not legal, and the client does not decrypt the encrypted data in the data response based on the symmetric key k, namely the process is ended.
According to the above technical solution, in the embodiment of the present application, the server includes at least two key management entities, and each key management entity independently manages an ECC key pair comprising an ECC private key and an ECC public key; that is, each key management entity has one ECC private key and stores it separately, and the decryption process can be completed through the ECC private keys managed by all the key management entities, which improves the security level and ensures the security of the ECC private keys. For example, even if the ECC private keys managed by one or more key management entities are leaked, as long as the ECC private keys managed by the key management entities are not all leaked, an attacker cannot know all the ECC private keys and cannot decrypt data, so the security of the data decryption process is ensured; that is, the security of data exchange can be effectively ensured when a private key is leaked. For each data exchange process, the client needs to separately generate the temporary public key P based on the ECC public keys managed by all the key management entities, and the server needs to separately generate the temporary private key v corresponding to the temporary public key P; that is, the temporary public key P and the temporary private key v are only for one data exchange process (one transmission of a data request and a data response is one data exchange process). If the temporary private key v of one data exchange process is leaked, the decryption process of other data exchange processes is not affected, which improves the security level: even if an attacker learns the temporary private key v, the attacker can decrypt only that one data exchange process and cannot use the temporary private key v to decrypt other data exchange processes, thereby ensuring the security of data exchange.
The above technical solution is explained below with reference to specific application scenarios. In this application scenario, taking 3 key management entities as an example, where the 3 key management entities are a key management entity 21-1, a key management entity 21-2, and a key management entity 21-3, respectively, in this application scenario, a key combination calculation management method is proposed in this application embodiment, referring to fig. 3, which is a flowchart of the method, and the method includes:
Step 301, the client generates a temporary public key P based on the random number r, the base point G on the elliptic curve and the ECC public keys of all the key management entities, encrypts the randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generates a character string R based on the base point G and the random number r. The client also signs the ciphertext c and the character string R based on the device private key to obtain a first signature value.
Step 302, the client sends a data request to the server, where the data request may include a ciphertext c, a string R, and a first signature value. For example, the data request is sent to the key management entity 21-1.
Step 303, the key management entity 21-1 performs signature verification operation based on the device public key and the first signature value. If the signature passes the verification, it generates a temporary subkey v1 based on the character string R and the ECC private key of the key management entity 21-1, and sends the temporary subkey v1 to the key management entity 21-2.
Step 304, the key management entity 21-2 generates a temporary subkey v2 based on the temporary subkey v1 and the ECC private key of the key management entity 21-2, and sends the temporary subkey v2 to the key management entity 21-3.
Step 305, the key management entity 21-3 generates a temporary subkey v3 based on the temporary subkey v2 and the ECC private key of the key management entity 21-3; the temporary subkey v3 is the temporary private key v corresponding to the temporary public key P.
Step 306, the key management entity 21-3 decrypts the ciphertext c based on the temporary private key v to obtain a symmetric key k, and encrypts the target data based on the symmetric key k to obtain encrypted data. And the key management entity 21-3 signs the encrypted data based on the temporary private key v to obtain a second signature value.
Illustratively, the key management entity 21-1 may further send the data request to the key management entity 21-2, and the key management entity 21-2 sends the data request to the key management entity 21-3, so that the key management entity 21-3 parses the ciphertext c from the data request and decrypts the ciphertext c based on the temporary private key v.
Step 307, the key management entity 21-3 sends a data response to the key management entity 21-2, the key management entity 21-2 sends a data response to the key management entity 21-1, and the key management entity 21-1 sends a data response to the client, where the data response may include the encrypted data and the second signature value.
Step 308, after receiving the data response, the client performs signature verification operation based on the temporary public key P and the second signature value; and if the signature verification passes, decrypting the encrypted data based on the symmetric key k to obtain the target data.
In a possible implementation manner, the client may request multiple target data of the server, that is, the client needs to send multiple data requests (each data request is understood as a session) to the server, and for each data request to be sent, steps 301 to 308 may be performed, where the client sends the data request to the server, and the server returns the target data corresponding to the data request to the client.
Based on the same application concept as the method described above, another key combination calculation management method is proposed in this embodiment of the present application, where a server may include at least two key management entities, the at least two key management entities are connected in sequence, each key management entity separately manages an ECC key pair, the ECC key pair may include an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities, as shown in fig. 4, which is a flowchart of the method, and the method is applied to the server, and includes:
Step 401, receiving a data request sent by a client, where the data request includes a ciphertext c and a character string R. Illustratively, the ciphertext c is obtained by encrypting a randomly generated symmetric key k by the client based on a temporary public key P, the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r.
Step 402, the character string R is sent to a first key management entity, and the first key management entity generates a temporary sub-key based on the character string R and an ECC private key of the key management entity, and sends the temporary sub-key to a next key management entity. Each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity, and sends the temporary sub-key to the next key management entity. The last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of the key management entity.
Step 403, decrypting the ciphertext c based on the temporary private key v to obtain a symmetric key k, encrypting the target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, where the data response may include the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
Based on the same application concept as the method described above, another key combination calculation management method is proposed in this embodiment of the present application, where a server may include at least two key management entities, the at least two key management entities are connected in sequence, each key management entity separately manages an ECC key pair, the ECC key pair may include an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. Fig. 5 is a flowchart of the method, which is applied to the client and includes:
Step 501, a temporary public key P is generated based on a random number r, the base point G on the elliptic curve and the ECC public keys of all the key management entities; the randomly generated symmetric key k is encrypted based on the temporary public key P to obtain a ciphertext c of the symmetric key k; and a character string R is generated based on the base point G and the random number r.
Step 502, sending a data request to a server, where the data request includes the ciphertext c and the character string R, so that a first key management entity of the server generates a temporary sub-key based on the character string R and its own ECC private key, and sends the temporary sub-key to the next key management entity; each key management entity other than the first and the last generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and its own ECC private key, and sends the temporary sub-key to the next key management entity; and the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and its own ECC private key.
Step 503, receiving a data response sent by the server, where the data response may include encrypted data; the encrypted data is obtained by the server decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k and encrypting the target data based on the symmetric key k.
Step 504, decrypting the encrypted data based on the symmetric key k to obtain the target data.
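The exchange of steps 401-403 and 501-504, worked through with the formulas the claims give (P = H(r·pk1)·G + z, R = r·G, v1 = H(R·s1), each later entity adding its own private key), as an added example that is not code from the patent. The secp256k1 curve, SHA-256 inside H, the hashed-ElGamal wrapping of k, the on-curve check on R and all function and class names are assumptions of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters; the curve choice is an assumption of this example.
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True for an affine point with y^2 = x^3 + 7; infinity (None) is rejected."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < FIELD and 0 <= y < FIELD and (y * y - x * x * x - 7) % FIELD == 0

def add(a, b):
    """Point addition, the '+' of claim 2. None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def mul(k, pt):
    """Point multiplication by a scalar. Not constant-time: illustration only."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def ser(pt):
    """Serialize a point as the 64-byte string x || y."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H(pt):
    """Point -> bit string -> scalar; hashing the string is this example's choice."""
    return int.from_bytes(hashlib.sha256(ser(pt)).digest(), "big") % N

def random_scalar():
    return secrets.randbelow(N - 1) + 1

class KeyManagementEntity:
    def __init__(self):
        self.s = random_scalar()      # ECC private key, held only by this entity
        self.pk = mul(self.s, G)      # ECC public key, distributed to clients
    def first(self, R):
        # R is client-controlled and is multiplied by a long-term private key,
        # so reject anything that is not a valid curve point before using it.
        if not on_curve(R):
            raise ValueError("R is not a point on the curve")
        return H(mul(self.s, R))      # v1 = H(R·s1)
    def chain(self, v_prev):
        return (v_prev + self.s) % N  # sub-key from previous entity + own private key

def wrap(P, k):
    """Hashed-ElGamal stand-in for 'encrypt k under P'; k must be 32 bytes."""
    e = random_scalar()
    pad = hashlib.sha256(b"wrap" + ser(mul(e, P))).digest()
    return mul(e, G), bytes(x ^ y for x, y in zip(k, pad))

def unwrap(v, c):
    c1, body = c
    pad = hashlib.sha256(b"wrap" + ser(mul(v, c1))).digest()
    return bytes(x ^ y for x, y in zip(body, pad))

def client_request(pks, k):
    """Step 501: fresh r per request, P = H(r·pk1)·G + z, R = r·G, c = Enc_P(k)."""
    r = random_scalar()
    z = None
    for pk in pks[1:]:                # z: sum of all public keys except the first
        z = add(z, pk)
    P = add(mul(H(mul(r, pks[0])), G), z)
    return P, mul(r, G), wrap(P, k)

def server_derive_v(entities, R):
    """Step 402: pass the sub-key along the chain; the last entity outputs v."""
    v = entities[0].first(R)
    for entity in entities[1:]:
        v = entity.chain(v)
    return v

def demo(n_entities=3):
    entities = [KeyManagementEntity() for _ in range(n_entities)]
    k = secrets.token_bytes(32)
    P, R, c = client_request([e.pk for e in entities], k)
    v = server_derive_v(entities, R)
    return mul(v, G) == P, unwrap(v, c) == k
```
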
Based on the same application concept as the method, an embodiment of the present application further provides a key combination calculation management apparatus, where a server includes at least two key management entities, the at least two key management entities are connected in sequence, each key management entity separately manages an elliptic curve cryptography ECC key pair, the ECC key pair includes an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities. The apparatus is applied to the server; fig. 6 is a structure diagram of the apparatus, which includes:
a receiving module 61, configured to receive a data request sent by the client, where the data request includes a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
a processing module 62, configured to send the character string R to a first key management entity, so that the first key management entity generates a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sends the temporary sub-key to a next key management entity; so that each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sends the temporary sub-key to the next key management entity; and so that the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
a decryption module 63, configured to decrypt the ciphertext c based on the temporary private key v to obtain the symmetric key k, and encrypt the target data based on the symmetric key k to obtain encrypted data;
a sending module 64, configured to send a data response to the client, where the data response includes the encrypted data, so that after the client receives the data response, the client decrypts the encrypted data based on the symmetric key k to obtain the target data.
Based on the same application concept as the method, in an embodiment of the present application, a server device is further provided, where the server device includes at least two key management entities, the at least two key management entities are connected in sequence, each key management entity separately manages an elliptic curve cryptography ECC key pair, the ECC key pair includes an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities, and a hardware architecture diagram of the server device is shown in fig. 7, and may include: a processor 71 and a machine-readable storage medium 72, the machine-readable storage medium 72 storing machine-executable instructions executable by the processor 71; the processor 71 is configured to execute machine-executable instructions to implement the methods disclosed in the above examples of the present application. For example, the processor 71 is for executing machine executable instructions to implement the steps of:
receiving a data request sent by a client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
sending the character string R to a first key management entity, the first key management entity generating a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sending the temporary sub-key to a next key management entity; each key management entity except the first key management entity and the last key management entity generating a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sending the temporary sub-key to the next key management entity; the last key management entity generating a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypting target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
Based on the same application concept as the method, embodiments of the present application further provide a machine-readable storage medium, where several computer instructions are stored on the machine-readable storage medium, and when the computer instructions are executed by a processor, the method disclosed in the above example of the present application can be implemented.
The machine-readable storage medium may be, for example, any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing the present application, the functionality of the units may be implemented in one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A key combination calculation management method is characterized in that a server comprises at least two key management entities which are connected in sequence, each key management entity independently manages an Elliptic Curve Cipher (ECC) key pair, each ECC key pair comprises an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities, and the method comprises the following steps:
the client generates a temporary public key P based on a random number r, a base point G on the elliptic curve and the ECC public keys of all key management entities, encrypts a randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generates a character string R based on the base point G and the random number r;
the client sends a data request to the server, wherein the data request comprises the ciphertext c and the character string R;
the server sends the character string R to a first key management entity, and the first key management entity generates a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sends the temporary sub-key to a next key management entity; each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sends the temporary sub-key to the next key management entity; the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
and the server decrypts the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypts target data based on the symmetric key k to obtain encrypted data, and sends a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
2. The method of claim 1,
the client generates the temporary public key P by adopting the following formula: P = H(r·pk1)·G + z;
the client generates the character string R by adopting the following formula: R = r·G;
the first key management entity generates a temporary sub-key v1 by using the following formula: v1 = H(R·s1);
each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the sum of the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity; the last key management entity generates the temporary private key v based on the sum of the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
where H denotes serializing points on the elliptic curve into a bit string, pk1 denotes the ECC public key of the first key management entity, z denotes the sum of the ECC public keys of all key management entities except the first key management entity, and s1 denotes the ECC private key of the first key management entity;
· represents the point multiplication operation on the elliptic curve, and + represents the point addition operation on the elliptic curve.
3. The method of claim 1, wherein the client manages a device private key and a device public key, and wherein the first key management entity stores the device public key, the method further comprising:
the client signs the ciphertext c and the character string R based on the device private key to obtain a first signature value, and the data request further comprises the first signature value;
the server side also sends the first signature value to a first key management entity; the first key management entity conducts signature verification operation based on the device public key and the first signature value; and if the signature passes the verification, executing the operation of generating a temporary sub-key based on the character string R and the ECC private key of the key management entity.
4. The method of claim 1, wherein after the server encrypts the target data based on the symmetric key k to obtain encrypted data, the method further comprises:
the server signs the encrypted data based on the temporary private key v to obtain a second signature value, and the data response further comprises the second signature value;
after receiving the data response, the client performs signature verification operation based on the temporary public key P and the second signature value; and if the signature verification passes, decrypting the encrypted data based on the symmetric key k to obtain the target data.
5. The method according to any one of claims 1 to 4, wherein, for a plurality of data requests to be sent, a symmetric key k is randomly generated for each data request, and the symmetric key k corresponding to different data requests is different; randomly generating a random number r for each data request, wherein the random numbers r corresponding to different data requests are different; and generating a temporary public key P for each data request, wherein the temporary public keys P corresponding to different data requests are different.
6. The method according to any one of claims 1 to 4,
the at least two key management entities are deployed on the same physical device or different physical devices;
each key management entity stores the ECC key pair of the key management entity through a specified storage medium, and the storage areas of different key management entities for storing the ECC key pair of the key management entity are different.
7. A key combination calculation management method is characterized in that a server comprises at least two key management entities which are connected in sequence, each key management entity independently manages an Elliptic Curve Cipher (ECC) key pair, the ECC key pair comprises an ECC private key and an ECC public key, a client stores the ECC public keys of all the key management entities, and the method is applied to the server and comprises the following steps:
receiving a data request sent by a client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
sending the character string R to a first key management entity, the first key management entity generating a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sending the temporary sub-key to a next key management entity; each key management entity except the first key management entity and the last key management entity generating a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sending the temporary sub-key to the next key management entity; the last key management entity generating a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypting target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
8. A key combination calculation management method is characterized in that a server comprises at least two key management entities which are connected in sequence, each key management entity independently manages an elliptic curve cipher ECC key pair, each ECC key pair comprises an ECC private key and an ECC public key, and a client stores the ECC public keys of all the key management entities, and the method is applied to the client and comprises the following steps:
generating a temporary public key P based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, encrypting a randomly generated symmetric key k based on the temporary public key P to obtain a ciphertext c of the symmetric key k, and generating a character string R based on the base point G and the random number r;
sending a data request to a server, wherein the data request comprises the ciphertext c and the character string R, so that a first key management entity of the server generates a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sends the temporary sub-key to a next key management entity; each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sends the temporary sub-key to the next key management entity; the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
receiving a data response sent by the server, wherein the data response comprises encrypted data; the encrypted data is obtained by the server side decrypting a ciphertext c based on the temporary private key v to obtain a symmetric key k and encrypting target data based on the symmetric key k;
and decrypting the encrypted data based on the symmetric key k to obtain the target data.
9. A key combination calculation management device is characterized in that a server comprises at least two key management entities, the at least two key management entities are connected in sequence, each key management entity separately manages an Elliptic Curve Cryptography (ECC) key pair, the ECC key pair comprises an ECC private key and an ECC public key, a client stores the ECC public keys of all the key management entities, the device is applied to the server, and the device comprises:
the receiving module is used for receiving a data request sent by the client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
the processing module is used for sending the character string R to a first key management entity, so that the first key management entity generates a temporary sub-key based on the character string R and the ECC private key of that key management entity and sends the temporary sub-key to a next key management entity; so that each key management entity except the first key management entity and the last key management entity generates a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sends the temporary sub-key to the next key management entity; and so that the last key management entity generates a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
the decryption module is used for decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, and encrypting the target data based on the symmetric key k to obtain encrypted data;
and the sending module is used for sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
10. The server-side equipment is characterized by comprising at least two key management entities, wherein the at least two key management entities are connected in sequence, each key management entity independently manages an Elliptic Curve Cryptography (ECC) key pair, the ECC key pair comprises an ECC private key and an ECC public key, a client stores the ECC public keys of all the key management entities, and the server-side equipment comprises: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor; the processor is configured to execute machine executable instructions to perform the steps of:
receiving a data request sent by a client, wherein the data request comprises a ciphertext c and a character string R; the ciphertext c is obtained by the client encrypting a randomly generated symmetric key k based on a temporary public key P, wherein the temporary public key P is generated by the client based on a random number r, a base point G on an elliptic curve and the ECC public keys of all key management entities, and the character string R is generated by the client based on the base point G and the random number r;
sending the character string R to a first key management entity, the first key management entity generating a temporary sub-key based on the character string R and the ECC private key of that key management entity, and sending the temporary sub-key to a next key management entity; each key management entity except the first key management entity and the last key management entity generating a temporary sub-key based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity, and sending the temporary sub-key to the next key management entity; the last key management entity generating a temporary private key v corresponding to the temporary public key P based on the temporary sub-key sent by the previous key management entity and the ECC private key of that key management entity;
decrypting the ciphertext c based on the temporary private key v to obtain the symmetric key k, encrypting target data based on the symmetric key k to obtain encrypted data, and sending a data response to the client, wherein the data response comprises the encrypted data, so that the client decrypts the encrypted data based on the symmetric key k after receiving the data response to obtain the target data.
CN202110539660.7A 2021-05-18 2021-05-18 Key combination calculation management method, device and equipment Active CN113032815B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110539660.7A CN113032815B (en) 2021-05-18 2021-05-18 Key combination calculation management method, device and equipment


Publications (2)

Publication Number Publication Date
CN113032815A true CN113032815A (en) 2021-06-25
CN113032815B CN113032815B (en) 2021-08-24

Family

ID=76455324





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant