KR20160128170A - Device, server and method for providing a secret key encryption and restore - Google Patents
- Publication number
- KR20160128170A
- Authority
- KR
- South Korea
- Prior art keywords
- key
- secret key
- user
- management server
- terminal
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
The present invention relates to terminals, servers and methods for providing secret key encryption and recovery.
A common public-key cryptosystem uses an encryption protocol based on a pair consisting of a user's public key and secret key. The public key is to be disclosed to anyone. However, the secret key corresponding to the public key must be known only to the owner of the secret key. In a public key based encryption system, the secret key generated by the user is encrypted with the user's password and stored securely in the user's terminal. When the user uses the public key based encryption protocol, the encrypted secret key is decrypted using the user's password, and after use it is encrypted with the password and stored again.
A common public key based encryption system stores a copy of the user secret key in the key management server in case the user's private key is damaged or lost. For example, when a secret key is generated, a user can access a key management server through a terminal to register a secret key or an encrypted secret key. When the secret key is damaged or lost, the user can access the key management server through the terminal and recover the secret key by receiving the registered secret key or the registered encrypted secret key.
In such a general public key based encryption system, when the key management server holds users' secret keys, a large number of the user secret keys managed by the key management server can be leaked at once through an external attack such as hacking. If a user secret key held by the key management server is leaked from a payment service and a financial service, the user's payment information, financial information and personal information may be further leaked through the leaked user secret key.
In addition, when the secret key is encrypted with the user's password and stored in the key management server, the user must reset the password once the password is forgotten. The user's secret key, however, was encrypted with the user's existing password before being stored in the key management server. After resetting the password, the user must use the reset password, so the encrypted secret key stored in the key management server can no longer be decrypted. Therefore, when a user loses a password, a common public key based encryption system must discard the encrypted secret key stored in the key management server, and the user must encrypt the secret key again based on the reset password.
As a conventional technique related to public key based encryption systems, US Patent No. 8995660 (entitled "Cryptographic system, encryption apparatus, key generation apparatus, decryption apparatus, content server, ") provides a cryptographic communication technique that can be flexibly operated based on a function cryptosystem. Specifically, that invention extracts attribute information and logical information from a user's input information based on a pair of attribute conversion rule information and logical expression conversion rule information, and uses the extracted information for encryption.
In addition, Korean Patent Laid-Open Publication No. 10-2013-0096575 (entitled "Public key-based group key distribution device and method") discloses a group key distribution method according to a group join request of a new user in a group key management server. Specifically, the method includes receiving a message requesting subscription of a specific group encrypted with a user public key and a user secret key from a new user terminal, authenticating the new user terminal by decoding the message, and transmitting the used group key.
It is an object of the present invention to provide a terminal, a server and a method for encrypting a user's secret key and restoring the user's secret key and password.
It should be understood, however, that the technical scope of the present invention is not limited to the above-described technical problems, and other technical problems may exist.
According to a first aspect of the present invention, there is provided a terminal for providing secret key encryption and restoration, which includes a communication module, a memory in which a secret key encryption and restoration program is stored, and a processor for executing the program. When restoration of the user's secret key is requested, the processor, by executing the program, restores the secret key requested to be restored based on the restoration information received from the key management server and one or more trusted terminals. The secret key of the user is generated and encrypted by the processor at the request of the user, and the reconstruction information is generated corresponding to the secret key and then transmitted to the key management server and the one or more trusted terminals through the communication module.
According to a second aspect of the present invention, there is provided a method for encrypting and recovering a secret key in a terminal, the method comprising: receiving restoration information from a key management server and one or more trusted terminals, respectively; and restoring the secret key requested to be restored based on the received restoration information. The secret key is generated by the terminal and then encrypted, and the reconstruction information is generated corresponding to the secret key and then transmitted to the key management server and the one or more trusted terminals.
The key management server according to the third aspect of the present invention includes a communication module, a storage, a memory storing a secret key encryption and restoration program, and a processor for executing the program. By executing the program, the processor generates and discloses a public key, receives from the terminal the local key encrypted with the public key and the reconstruction information, stores the encrypted local key and the reconstruction information in the storage, and transmits the local key and restoration information to the terminal.
According to any one of the above-described means, the present invention does not store the user's secret key in a central server such as a key management server, and thus prevents leakage of the user's secret key due to an external attack such as hacking. According to another aspect of the present invention, when a user loses a secret key, the secret key can be securely restored based on reconstruction information distributed to the trusted terminal.
In addition, the present invention can safely restore an existing secret key even if the user loses the password, so that the user does not need to be issued a new secret key. The present invention can reduce the risk of losing the secret key when the password is lost. Therefore, the present invention allows the password to be reset conveniently, and is safe from leakage of important information such as payment information, financial information, and personal information even if the user loses the password.
FIG. 1 is a block diagram of a process of encrypting a user secret key of a terminal in a general public key encryption protocol.
FIG. 2 is a block diagram illustrating a process of restoring a user secret key of a terminal in a public key encryption protocol.
FIG. 3 is a block diagram of a secret key encryption and recovery terminal according to an embodiment of the present invention.
FIG. 4 is a block diagram of a secret key encryption process of a terminal according to an embodiment of the present invention.
FIG. 5 is a block diagram of a process of restoring a secret key of a terminal according to an embodiment of the present invention.
FIG. 6 is a block diagram illustrating a process of regenerating a password of a terminal according to an embodiment of the present invention.
FIG. 7 is a flowchart of a secret key generation method in a terminal according to an embodiment of the present invention.
FIG. 8 is a flowchart of a secret key decryption method in a terminal according to an embodiment of the present invention.
FIG. 9 is a flowchart of a method for recovering a secret key in a terminal according to an embodiment of the present invention.
FIG. 10 is a flowchart illustrating a method of restoring a password of a terminal according to an embodiment of the present invention.
FIG. 11 is a block diagram of a key management server that provides secret key encryption and recovery according to one embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly explain the present invention in the drawings, parts not related to the description are omitted.
Throughout the specification, when a part is referred to as being "connected" to another part, this includes not only being "directly connected" but also being "electrically connected" with another part in between. Also, when a part is referred to as "including" an element, it does not exclude other elements unless specifically stated otherwise.
Hereinafter, a general secret key encryption and decryption process in the
FIG. 1 is a block diagram of a secret key encryption process of the terminal 110 in a public key encryption protocol.
In order to use a common public key encryption protocol, the
The
When the
As described above, in the general public key encryption protocol, the
FIG. 2 is a block diagram illustrating a process of restoring a user secret key of the terminal 110 in a common public key encryption protocol.
If the user secret key is lost or corrupted, the
The
The
In addition, when the terminal 110 and the
Referring to FIGS. 3 to 7, a description will now be made of a terminal 300 that provides secret key encryption and recovery according to an embodiment of the present invention.
FIG. 3 is a block diagram of a terminal 300 that provides secret key encryption and recovery according to one embodiment of the present invention.
The terminal 300 according to an exemplary embodiment of the present invention provides encryption and decryption of a user secret key. In addition, the terminal 300 provides a method for safely restoring a user's private key and password when the password is compromised or lost. The terminal 300 includes a
The
The
The
The
FIG. 4 is a block diagram of a secret key encryption process of the terminal 300 according to an embodiment of the present invention.
When a user secret key generation request (S400) is received from the
The
The
In addition, the
For example, the reconstruction information may be generated based on a Shamir secret sharing technique. The
At this time, the trusted
The trusted terminal aggregation may include a
The process of generating the restoration information will be described in detail.
The restoration parameters p , n and k can be selected. In this case, p is a prime number used in the restored coordinate generation process, and may be larger than the number of the user secret key and theThe
The
The
The
Referring to FIG. 4, if the minimum number of restored coordinate information necessary for restoration is two, the
If there is a problem in the second
In addition, the
In this manner, the
If the
The
If the
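The Shamir-based reconstruction information described above, with restoration parameters p, n and k and a set of restored coordinates, can be illustrated as follows. This is an added Python example, not code from the patent: the function names, the choice of prime, and the treatment of the protected value as an integer below p are assumptions made for illustration.

```python
import secrets

# Constructed parameters (assumptions, not values from the patent):
P = 2**521 - 1  # prime p, larger than any 256-bit secret
N = 3           # n: number of restored coordinates generated
K = 2           # k: minimum number of coordinates needed for restoration


def _eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... (mod p) with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def make_restoration_info(secret, n=N, k=K, p=P):
    """Return (params, coords): params go to the key management server,
    one coordinate goes to each trusted terminal (hypothetical helper)."""
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    if not 0 <= secret < p:
        raise ValueError("p must be larger than the secret")
    # Degree k-1 polynomial whose constant term is the secret; the other
    # coefficients are uniformly random, so k-1 points reveal nothing.
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    coords = [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]
    return {"p": p, "n": n, "k": k}, coords


def restore_secret(params, coords):
    """Lagrange-interpolate f(0) from at least k distinct coordinates."""
    p, k = params["p"], params["k"]
    points = {}
    for x, y in coords:
        x %= p
        if x == 0:
            raise ValueError("x = 0 would be the secret itself")
        if points.setdefault(x, y % p) != y % p:
            raise ValueError("conflicting coordinates for x = %d" % x)
    if len(points) < k:
        raise ValueError("fewer than k distinct restored coordinates")
    chosen = sorted(points.items())[:k]
    secret = 0
    for xj, yj in chosen:
        num, den = 1, 1
        for xm, _ in chosen:
            if xm != xj:
                num = (num * -xm) % p
                den = (den * (xj - xm)) % p
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret


def demo():
    # Constructed 256-bit value standing in for the key material.
    secret = int.from_bytes(bytes(range(32)), "big")
    server_params, coords = make_restoration_info(secret)
    # Simulate one trusted terminal being unavailable: any k = 2 of the
    # n = 3 coordinates still restore the secret.
    return all(
        restore_secret(server_params, pair) == secret
        for pair in ([coords[0], coords[1]], [coords[0], coords[2]],
                     [coords[1], coords[2]])
    )


if __name__ == "__main__":
    print("restored from any 2 of 3:", demo())
```

The parameters held by the server contain no coordinate, and any k-1 coordinates are consistent with every possible secret, so neither the key management server alone nor fewer than k trusted terminals can restore the value.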
FIG. 5 is a block diagram of a secret key recovery process of the terminal 300 according to an embodiment of the present invention.
If the
The
At this time, if the user local key is corrupted or lost together with the user secret key, the
If the user has tampered with or lost the user's local key, the processor 503 may restore the user's local key in the same way as if the user's local key was compromised or lost, along with the user's secret key.
If a reset of the password is requested from the
FIG. 6 is a block diagram for explaining a password regeneration process of the terminal 300 according to an embodiment of the present invention.
When the password restoration request of the
If authentication of the
In addition, the
The
The
Next, a secret key encryption and decryption method in the terminal 300 according to an embodiment of the present invention will be described with reference to FIGS. 7 to 10.
FIG. 7 is a flowchart of a secret key generation method in a terminal 300 according to an embodiment of the present invention.
Upon receiving the secret key generation request of the user 310 (S700), the terminal 300 generates a user secret key, a user local key, and a password (S710). The terminal 300 may generate and publish a user public key corresponding to the user private key. At this time, the password may be received from the
The terminal 300 can encrypt the user secret key and the user local key (S720). Specifically, the terminal 300 can encrypt a user's local key based on a key management server public key disclosed by the
The terminal 300 may encrypt the user secret key and then generate restoration information for restoring the user secret key (S740). At this time, the reconstruction information may include restored coordinate information and reconstruction parameters described above with reference to FIG.
When the restoration information is generated, the terminal 300 may transmit restoration information to the
FIG. 8 is a flowchart of a secret key decryption method in the terminal 300 according to an embodiment of the present invention.
When the user secret key is encrypted and then the secret key decryption request and password of the
FIG. 9 is a flowchart of a secret key recovery method in a terminal 300 according to an embodiment of the present invention.
Upon receiving the secret key restoration request of the
The terminal 300 may restore the user secret key based on the restoration parameter received from the
If it is determined that the user's local key has been compromised or lost in addition to the user's secret key being lost (S930), the terminal 300 generates a new user local key (S960) and can encrypt it. At this time, the terminal 300 can generate a new public key based encryption local key by encrypting the new user local key using the public key of the key management server 320 (S970). The terminal 300 may forward the public key based encryption local key to the
FIG. 10 is a flowchart of a password recovery method of the terminal 300 according to an embodiment of the present invention.
When the
In response to the authentication request of the terminal 300, the
The terminal 300 may receive the temporary key-based encrypted local key from the key management server 320 (S1020). The terminal 300 may decrypt the user local key based on the received temporary key based encryption local key and the temporary key entered by the
Referring to FIG. 11, a key management server for providing secret key encryption and restoration according to an embodiment of the present invention will be described.
FIG. 11 is a block diagram of a key management server that provides secret key encryption and recovery according to one embodiment of the present invention.
The
The
The
The
The
In addition, the terminal 300 may generate reconstruction information for restoring the user's private key, and may transmit the reconstruction information to the
When the terminal 300 selects the
Meanwhile, the terminal 300 may request the local key and the restoration information to the
In addition, if the
If authentication of
In addition,
The
The terminal 300, the
The terminal 300, the
One embodiment of the present invention may also be embodied in the form of a recording medium including instructions executable by a computer, such as program modules, being executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium can include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.
While the methods and systems of the present invention have been described in connection with specific embodiments, some or all of those elements or operations may be implemented using a computer system having a general purpose hardware architecture.
It will be understood by those skilled in the art that the foregoing description of the present invention has been presented for illustrative purposes and that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
The scope of the present invention is defined by the appended claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.
300: secret key encryption and restoration terminal
301: Memory
302: Communication module
303: input module
304: Storage
305: Processor
310: User
320: Key management server
330: trusted terminal
Claims (17)
A communication module,
a memory storing a secret key encryption and restoration program, and
a processor for executing the program,
Wherein when the restoration of the secret key of the user is requested, the processor restores the secret key requested to be restored based on the restoration information received from the key management server and one or more trusted terminals,
Wherein the secret key of the user is generated and encrypted by the processor at the request of the user,
Wherein the restoration information is generated corresponding to the secret key, and then transmitted to the key management server and the one or more trusted terminals via the communication module.
Wherein the reconstruction information includes one or more restored coordinate information and parameters generated based on the secret key,
Wherein the processor transmits the restored coordinate information to the trusted terminal and transmits the parameter to the key management server.
Wherein the processor transmits the restored coordinate information to the trusted terminals in a number greater than or equal to the number of the one or more restored coordinates.
The processor, when generating the secret key, defines a password,
And decrypting the encrypted secret key based on the defined password when the restoration is requested.
Wherein the processor generates the encrypted secret key based on the password after the secret key is restored.
The processor generates a local key after the secret key is restored,
And generates the encrypted secret key based on the password and the generated local key.
Wherein the processor generates and transmits a local key to the key management server when generating the secret key,
If the reset of the password is requested, transmitting the reset request to the key management server, receiving the local key from the key management server, decrypting the encrypted secret key based on the received local key, And reconstructs the encrypted secret key and the password based on the decrypted secret key.
Further comprising an input module,
Wherein the processor performs decryption of the encrypted secret key based on the local key and a temporary key input from the user through the input module,
Wherein the secret key is generated by the key management server and then received by the user from the key management server.
Receiving restoration information from the key management server and one or more trusted terminals, respectively, in response to a restore request for the user's private key; And
And restoring the secret key requested to be restored based on the received restoration information,
The secret key is encrypted after being generated by the terminal,
Wherein the restoration information is generated corresponding to the secret key, and then transmitted to the key management server and one or more trust terminals.
Wherein the reconstruction information includes one or more restored coordinate information and parameters generated based on the secret key,
The step of delivering to the key management server and the one or more trusted terminals
Transmitting the restored coordinate information to the one or more trusted terminals; And
And transmitting the parameter to the key management server.
Defining a password when generating the secret key;
Encrypting the secret key based on the password; And
And decrypting the encrypted secret key based on the password.
And generating the encrypted secret key based on the recovered secret key and the password after the secret key is recovered.
Generating a local key after the secret key is restored; And
And generating the encrypted secret key based on the password and the generated local key.
Transmitting the reset request to the key management server when the password is requested to be reset;
Receiving a local key from the key management server;
Decrypting the encrypted secret key based on the received local key; And
And regenerating the encrypted secret key and the password based on the decrypted secret key,
Wherein the local key is generated by the terminal when generating the secret key, and then transmitted to the key management server.
A communication module,
a storage,
a memory storing a secret key encryption and restoration program, and
a processor for executing the program,
Wherein the processor receives the local key and the restoration information from the terminal according to the execution of the program, stores the local key and the restoration information in the storage,
Wherein the key management server transmits at least one of the local key and the restoration information stored in the storage to the terminal according to a request from the terminal.
Wherein the processor performs authentication for a user corresponding to the terminal according to a request of the terminal,
And transmits the encrypted local key to the terminal when the authentication is successful.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/140,742 US10020939B2 (en) | 2015-04-28 | 2016-04-28 | Device, server and method for providing secret key encryption and restoration |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150059763 | 2015-04-28 | ||
KR20150059763 | 2015-04-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160128170A true KR20160128170A (en) | 2016-11-07 |
Family
ID=57529975
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150087580A KR20160128170A (en) | 2015-04-28 | 2015-06-19 | Device, server and method for providing a secret key encryption and restore |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160128170A (en) |
-
2015
- 2015-06-19 KR KR1020150087580A patent/KR20160128170A/en not_active Application Discontinuation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20180131056A (en) * | 2017-05-31 | 2018-12-10 | 삼성에스디에스 주식회사 | System for managing encryption keys for cloud services |
US10893032B2 (en) | 2017-05-31 | 2021-01-12 | Samsung Sds Co., Ltd. | Encryption key management system for cloud services |
KR20200020736A (en) * | 2017-06-20 | 2020-02-26 | 엔체인 홀딩스 리미티드 | System and method for multi-round token distribution using blockchain network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E601 | Decision to refuse application |