WO2020172889A1 - Key management method in which clients separately generate key components, and electronic device - Google Patents

Key management method in which clients separately generate key components, and electronic device Download PDF

Info

Publication number
WO2020172889A1
WO2020172889A1 PCT/CN2019/076587 CN2019076587W WO2020172889A1 WO 2020172889 A1 WO2020172889 A1 WO 2020172889A1 CN 2019076587 W CN2019076587 W CN 2019076587W WO 2020172889 A1 WO2020172889 A1 WO 2020172889A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
clients
server
components
client
Prior art date
Application number
PCT/CN2019/076587
Other languages
French (fr)
Chinese (zh)
Inventor
颜泽
谢翔
傅志敬
孙立林
Original Assignee
云图有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图有限公司 filed Critical 云图有限公司
Priority to PCT/CN2019/076587 priority Critical patent/WO2020172889A1/en
Publication of WO2020172889A1 publication Critical patent/WO2020172889A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This application belongs to the field of information security technology, and in particular relates to a key management method and electronic equipment for each client to generate key components.
  • a key server generally generates the key, and then distributes the generated key to the key users. This will inevitably increase the burden on the key server, and because a single key server The key server generates all key generation rules, which are specified and maintained by the key server itself, which is not flexible.
  • the purpose of this application is to provide a key management method and electronic device for each client to generate key components, which can effectively improve the security of the key management system and the flexibility of key management.
  • the present application provides a key management method and electronic device for generating key components by each client, which is implemented as follows:
  • a key management method for each client to generate key components is applied to a key management system, wherein the key management system includes: N clients and a key server, and the method includes:
  • the N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
  • the N clients and the key server establish a secure channel according to the authentication material
  • Each of the N clients generates their own corresponding key components to obtain N key components;
  • the N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and all
  • the key server includes:
  • the N clients calculate the public key components according to the key components generated by them, and obtain N public key components;
  • a client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair
  • the first key subcomponent and the public key component are encrypted to obtain N-1 key ciphertexts and N-1 public key ciphertexts;
  • the first client decrypts the N-1 key ciphertext and N-1 public key ciphertext to obtain N-1 key subcomponents and N-1 public key components, and use all The encrypted component signs the N-1 public key components to obtain N-1 signature components;
  • the first client and the key server initiate an MPC calculation through the secure channel to obtain a target public key, and return the target public key to the N clients and the key server.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • the first client initiates a signature request, wherein the signature request carries data to be signed;
  • a client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair
  • the first key subcomponent is encrypted to obtain N-1 key ciphertexts
  • Clients other than the first client among the N clients send the N-1 key ciphertext and N-1 second key subcomponent plaintext to the key server;
  • the first client decrypts the N-1 key ciphertext to obtain N-1 key subcomponents
  • the first client and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and return the signature result to the N clients and the key server.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • Each of the N clients obtains a backup key through a backup method
  • the key server verifies the correctness of the hash value, and returns the target public key if the verification is passed.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and all
  • the key server includes:
  • the key server generates a service key component
  • the N clients and the key server initiate an MPC calculation through the secure channel, and the target public key is obtained by calculation.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • the first client initiates a signature request, where the signature request carries data to be signed, and the first client is one of the N clients;
  • the N clients and the key server initiate MPC calculations through the secure channel, sign the data to be signed, and verify the correctness of the signature result through the target public key.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • the N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 backup key components, and sign the N+1 backup key components to obtain N+ 1 backup signature component;
  • the N clients and the key server verify the validity of the received backup signature component through the target public key, and if the verification is passed, save the received backup key component.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • Clients other than the restore requester among the N clients obtain their own backup key components through a backup method
  • the N clients and the key server initiate an MPC calculation to generate a verification public key through the secure channel, and determine whether the verification public key is the same as the target public key, and if it is determined to be the same, proceed MPC calculates to obtain N+1 restoration key components, and signs the N+1 restoration key components to obtain N+1 restoration signature components;
  • the N clients and the key server verify the validity of the received restoration signature component through the target public key, and if the verification is passed, update and save the received restoration key component.
  • the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
  • the N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 refresh key components, and sign the N+1 refresh key components to obtain N+ 1 refresh signature component;
  • the N clients and the key server verify the validity of the received refresh signature component through the target public key, and if the verification passes, save the received refresh key component.
  • An electronic device includes a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the following method when executing the instructions:
  • the N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
  • the N clients and the key server establish a secure channel according to the authentication material
  • Each of the N clients generates their own corresponding key components to obtain N key components;
  • the N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
  • a computer-readable storage medium having computer instructions stored thereon, which implement the steps of the following method when the instructions are executed:
  • the N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
  • the N clients and the key server establish a secure channel according to the authentication material
  • Each of the N clients generates their own corresponding key components to obtain N key components;
  • the N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
  • This application provides a key management method and electronic device for each client to generate a key component.
  • Each client in the key management system generates its own key component locally, and finally generates a target public key based on the key component to achieve Key generation.
  • Figure 1 is an architectural diagram of the key system provided by this application.
  • FIG. 2 is a flowchart of a key management method for a client to generate key components for each client provided by this application;
  • FIG. 3 is a schematic diagram of the interaction of the key generation of Example 1 provided by this application.
  • FIG. 4 is a schematic diagram of the interaction of the key usage of Example 1 provided by the present application.
  • FIG. 5 is a schematic diagram of the interaction of the key backup of Example 1 provided by this application.
  • Example 6 is a schematic diagram of the interaction of the key recovery of Example 1 provided by this application.
  • FIG. 7 is a schematic diagram of the interaction of the key generation of Example 2 provided by this application.
  • FIG. 8 is a schematic diagram of the interaction of the key usage of Example 2 provided by this application.
  • FIG. 9 is a schematic diagram of the interaction of the key backup of Example 2 provided by the present application.
  • FIG. 10 is a schematic diagram of the interaction of the key recovery of Example 2 provided by this application.
  • FIG. 11 is a schematic diagram of the interaction of the key refresh of Example 2 provided by the present application.
  • FIG. 12 is a schematic diagram of the structure of the electronic device provided by the present application.
  • each client in the key management system generates its own key component locally, which is finally based on The key component generates the target public key to achieve key generation.
  • the client and the key server use these key components to perform operations such as signing and updating, thereby improving the flexibility of key generation and the security of the key.
  • the key management method for each client to generate a key component is applied to a key management system.
  • the key management system may be as shown in Figure 1, including: N clients and a key server , Where N is a positive integer greater than or equal to 2.
  • Fig. 2 is a method flowchart of an embodiment of a key management method for each client to generate a key component according to the present application.
  • this application provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or fewer operation steps or module units based on conventional or no creative labor. .
  • the execution order of these steps or the module structure of the device is not limited to the execution order or module structure shown in the description of the embodiments of this application and the drawings.
  • the described method or module structure is applied to an actual device or terminal product, it can be executed sequentially or in parallel according to the method or module structure connection shown in the embodiments or drawings (for example, parallel processor or multi-threaded processing Environment, even distributed processing environment).
  • a key management method for each client to generate key components may include the following steps:
  • Step 201 N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
  • the above-mentioned client is a key user, including but not limited to App, application server, etc.
  • the specific form of the client can be selected according to actual needs, and this application does not limit this.
  • the above-mentioned key server is a key service party and is used to provide key related services.
  • Step 202 N clients and the key server establish a secure channel according to the authentication material
  • the above-mentioned secure channel may be established after completing mutual authentication based on KYC (Know your customer, identity confirmation procedure).
  • the identity confirmation procedure may include but is not limited to at least one of the following: mobile phone short message, email verification code, account password, fingerprint, face, certificate, etc.
  • Step 203 N clients each generate their own corresponding key components to obtain N key components;
  • Client 1 generates key components SK1, S3: Clients 2 to n locally generate key components SK2 to n.
  • Step 204 N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
  • the target public key may be generated by a two-party MPC (Secure Multi-Party Computation), or the target public key may be generated by a multi-party MPC.
  • Two-party MPC means that any two of the devices perform MPC calculations
  • multi-party MPC means that all devices in the device participate in MPC calculations.
  • MPC is how two millionaires can compare who is richer without revealing their true property status without a trusted third party. MPC can ensure the data security of all parties, and at the same time, jointly use the data of all parties to achieve specific effects, so as to give full play to the value of data. Multiple participants holding their own private data jointly execute a calculation logic calculation logic (such as a maximum value calculation) and obtain the calculation result. However, in the process, each party participating in the calculation will not leak their own data, which is called MPC calculation. MPC calculation can design the protocol without relying on a trusted third party. Secure multi-party computing can be abstractly understood as: two parties have their own private data, and can calculate the result of the public function without leaking their private data. When the entire calculation is completed, only the calculation result is known to both parties, and neither party knows the other's data and the intermediate data of the calculation process.
  • the key component and target private key generated by the two-party MPC may include the following steps:
  • N clients calculate the public key components according to the key components they generate, and obtain N public key components;
  • S2 Select a client from the N clients as the first client, where the first client is an MPC computing party, and the public key component generated by the first client is used as an encryption component;
  • a client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and passes the encryption The component encrypts the first key subcomponent and the public key component to obtain N-1 key ciphertexts and N-1 public key ciphertexts;
  • S4 Send the N-1 key ciphertext and N-1 public key ciphertext to the key server;
  • the key server sends the N-1 key ciphertext, N-1 first key subcomponent plaintext, and N-1 public key ciphertext to the first client through a secure channel;
  • S6 The first client decrypts the N-1 key ciphertext and N-1 public key ciphertext to obtain N-1 key subcomponents and N-1 public key components, and use all The encrypted component signs the N-1 public key components to obtain N-1 signature components;
  • S7 The first client and the key server initiate an MPC calculation through the secure channel to obtain a target public key, and return the target public key to the N clients and the key server.
  • S1 The first client initiates a signature request, where the signature request carries data to be signed;
  • a client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encryption component pair
  • the first key subcomponent is encrypted to obtain N-1 key ciphertexts
  • the key server sends the N-1 key ciphertext to the first client through a secure channel
  • S5 The first client decrypts the N-1 key ciphertext to obtain N-1 key subcomponents
  • S6 The first client and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and return the signature result to the N clients and the key server.
  • the key component After generating the key component and the target private key through the two-party MPC, the key component can be backed up as follows:
  • S2 Calculate the hash value of the backup key, and send the hash value to the key server;
  • S3 The key server verifies the correctness of the hash value, and returns the target public key if the verification is passed.
  • Generating key components through multi-party MPC may include the following steps:
  • the first client initiates a signature request, where the signature request carries data to be signed, and the first client is one of the N clients;
  • N clients and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and verify the correctness of the signature result through the target public key.
  • N clients and the key server initiate MPC calculation through the secure channel to obtain N+1 backup key components (or refresh key components), and back up the N+1 copies Sign the key component (or refresh key component) to obtain N+1 backup signature components (or refresh signature components);
  • S2 Send the N+1 backup key components (or refresh key components) and N backup signature components (or refresh signature components) to each of the N clients in a one-to-one correspondence And key server;
  • N clients and the key server verify the validity of the received backup signature component (or refresh signature component) through the target public key, and if the verification is passed, save the received backup key component (Or refresh the key component).
  • S1 Receive a recovery request from a recovery requester, where the recovery requester is one of the N clients, and the recovery request carries the key component of the recovery requester and the target Public key
  • N clients and the key server initiate MPC calculation to generate a verification public key through the secure channel, and determine whether the verification public key is the same as the target public key, and if it is determined to be the same, proceed MPC calculates to obtain N+1 restoration key components, and signs the N+1 restoration key components to obtain N+1 restoration signature components;
  • S4 Send N+1 restoration key components and the N+1 restoration signature components to the N clients and the key server in a one-to-one correspondence;
  • N clients and the key server verify the validity of the received restoration signature component through the target public key, and if the verification is passed, update and save the received restoration key component.
  • a method for key management based on secure two-party calculations generated and kept by multiple clients on a server is provided. Specifically, different clients independently generate key components and finally use two-party MPC to generate public keys. , Through the two-party MPC using the client and the key server to calculate the signature.
  • operations such as key generation, use, storage, backup, and restoration in the key management system can be performed as follows:
  • Client 1 generates key component SK1, and calculates public key PK1 through SK1;
  • Clients 2 to n obtain the generation request of client 1 through query respectively, and locally generate key components SK2 to n, and calculate public keys PK2 to n;
  • S4 Clients 2 ⁇ n complete mutual authentication with the key server through KYC respectively to complete the registration operation, then split SK2 into SK2-1 and SK2-2, and encrypt SK2-1 and PK2 with PK1. And send PK1 (SK2-1) ciphertext, PK1 (PK2) ciphertext and SK2-2 plaintext to the key server.
  • SKn is split into SKn-1 and SKn-2, SKn-2 and PKn are encrypted with PK1, and PK1 (SKn-1) ciphertext, PK1 (PKn) ciphertext and SKn-2 are transmitted in plaintext.
  • the key server sends the cipher text information PK1(SK2-1), PK1(SK3-1)...PK1(Skn-1) and PK1(PK2)...PK1(PKn) through the secure channel Client 1
  • S6 Client 1 decrypts to obtain SK2-1, SK3-1...SKn-1 and PK2, PK3...PKn, and then signs PK2...PKn with SK1 to obtain signature content S2...Sn;
  • Client 1 sends PK2...PKn plaintext and signatures S2...Sn to the key server for storage;
  • S8 The client 1 and the key server authenticate through the authentication material and establish a secure channel, and initiate MPC calculation: calculate the private key SK through the key components SK1 to n, and calculate the public key PK through the private key SK. And return the public key PK to the client and the key server and save them separately. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SK1 ⁇ n did not appear in the process of computing interaction (that is, not in the network Layer transmission SK1-n is used for calculation).
  • Client 1 initiates a signature request and provides the public key PK as a unique identifier and data to be signed;
  • S2 The client 2 ⁇ n and the key server complete mutual authentication through KYC and establish a secure channel. Then, SK2 is split into SK2-1 and SK2-2, and SK2-1 is encrypted using PK1. And send the ciphertext of PK1 (SK2-1) and the plaintext of SK2-2 to the key server.
  • SKn is split into SKn-1 and SKn-2, SKn-2 is encrypted with PK1, and the ciphertext of PK1 (SKn-1) and SKn-2 are transmitted to the key server;
  • the key server sends the cipher text information PK1 (SK2-1), PK1 (SK3-1)...PK1 (Skn-1) to the client 1 through the secure channel;
  • S4 Client 1 decrypts to obtain SK2-1, SK3-1...SKn-1;
  • S5 The client 1 and the key server establish a secure channel through authentication material authentication, and initiate MPC calculation: the private key SK is calculated through the key components SK1 to n, and the private key SK is used to sign the data to be signed. Return the signature to the client and the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SK1 ⁇ n did not appear in the process of computing interaction (that is, not in the network Layer transmission SKs, SK1 ⁇ n are used for calculation).
  • the key or key component can be stored in one of the following forms, but not limited to:
  • Database Save the key or key component through the database, where the key or key component can be encrypted and stored;
  • Key file save the key or key component by exporting the key file, where the key or key component can be encrypted and stored;
  • HSM Save the key or key component through the hardware security module, where the key or key component can be encrypted and stored;
  • Mnemonic Convert the key and the key component to generate a series of mnemonics for storage
  • Two-dimensional code The corresponding two-dimensional code is generated by the key or key component for storage, where the key or key component can be encrypted and stored.
  • S1 The client obtains the backup key through the backup method, and sends the key calculation hash value to the key server to initiate a key recovery request;
  • the key server After receiving the recovery request, the key server verifies the correctness of the hash value, and if it is correct, returns the public key PK.
  • a method for key management based on secure multi-party calculations generated and stored by multiple clients on a server is provided.
  • multiple clients and key servers respectively generate private key components through MPC calculations.
  • the public key uses multiple clients and key servers to calculate the signature through MPC, and uses the private key component of a certain client to perform MPC calculation to refresh the components of multiple clients and key servers.
  • operations such as key generation, use, storage, backup, restoration, and refresh in the key management system can be performed as follows:
  • S1 The client and the key server complete two-way authentication through KYC, and issue authentication materials to complete the registration process;
  • Clients generate and save key components respectively, for example: client 1 generates key component SK1, client 2 generates key component SK2; and so on, client n generates key component SKn;
  • S4 The client and the key server establish a secure channel through authentication material authentication, and initiate MPC calculation: calculate the private key SK through the key components SKs, SK1 ⁇ n, and calculate the public key PK through the private key SK.
  • the public key is returned to the client and the key server, and the client and the key server are stored separately. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SKa and SK1 ⁇ n did not appear in the calculation interaction process (that is, no SKs, SK1 ⁇ n are transmitted at the network layer for calculation).
  • Client 1 initiates a signature request and provides the public key PK as a unique identifier and data to be signed;
  • S3 The client and the key server initiate an MPC calculation through a secure channel: perform a signature operation on the data to be signed, and verify the correctness of the signature through the PK public key.
  • the key or key component can be stored in one of the following forms, but not limited to:
  • Database Save the key or key component through the database, where the key or key component can be encrypted and stored;
  • Key file save the key or key component by exporting the key file, where the key or key component can be encrypted and stored;
  • HSM Save the key or key component through the hardware security module, where the key or key component can be encrypted and stored;
  • Mnemonic Convert the key and the key component to generate a series of mnemonics for storage
  • Two-dimensional code The corresponding two-dimensional code is generated by the key or key component for storage, where the key or key component can be encrypted and stored.
  • Client 1 initiates a backup key request, completes two-way authentication through KYC and establishes a secure channel;
  • S2 The client and the key server initiate MPC calculations through a secure channel: generate a private key SK, and generate SK1 ⁇ SKn+1 through the secret sharing algorithm, use SK to sign SK1 ⁇ SKn+1, and generate signatures S1 ⁇ Sn+1 . Distribute the signatures to different key servers and clients. For example: issue SK1, S1 to client 1; issue SK2, S2 to client 2; and so on, issue SKn, Sn to client n; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during the calculation process or during use);
  • Each client and key server verifies the validity of the received signature component through the previously stored public key PK, and if it is valid, saves the received key component for backup.
  • Clients 2 to n receive the key recovery request initiated by client 1 and agree. Then each obtain the backup key through the backup method, and provide SK2 ⁇ SKn to cooperate with the recovery key;
  • S4 The client and the key server initiate an MPC calculation through the secure channel to verify whether the backup component is correct: calculate the private key SK, and generate the public key PK through the SK. If the PK is the same as the stored PK, the verification is passed. If the verification is passed, the MPC calculates the recovery key component: calculates the private key SK, generates SK1 ⁇ SKn+1 through the secret sharing algorithm, and uses SK to sign SK1 ⁇ SKn+1 to generate signatures S1 ⁇ Sn+1.
  • Send the signatures to different clients and key servers for example: send SK1 and S1 to client 1; send SK2 and S2 to client 2; and so on, send SKn and Sn to client n ; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during the calculation process or during use);
  • Each client and the key server verify the validity of the signature through the previously stored public key PK, and if it is valid, update and save the key component.
  • S1 The client or key server initiates a key refresh request, completes two-way authentication through KYC and establishes a secure channel;
  • S2 The client and the key server initiate MPC calculations through a secure channel: generate a private key SK, and generate SK1 ⁇ SKn+1 through the secret sharing algorithm, use SK to sign SK1 ⁇ SKn+1, and generate signatures S1 ⁇ Sn+1 .
  • Send the signatures to different clients and key servers for example: send SK1 and S1 to client 1; send SK2 and S2 to client 2; and so on, send SKn and Sn to client n ; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (whether in the calculation process or in use);
  • Each client and the key server verify the validity of the signature through the previously stored public key PK, and if it is valid, update and save the key component.
  • FIG. 12 is a hardware structural block diagram of an electronic device of a key management method for each client to generate a key component in an embodiment of the present invention.
  • the electronic device 10 may include one or more (only one is shown in the figure) processor 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) , A memory 104 for storing data, and a transmission module 106 for communication functions.
  • the structure shown in FIG. 12 is only for illustration, and does not limit the structure of the above electronic device.
  • the electronic device 10 may also include more or fewer components than those shown in FIG. 12, or have a different configuration from that shown in FIG.
  • the memory 104 can be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the key management method for generating key components of the client in the embodiment of the present invention.
  • the processor 102 runs the program stored in the memory 104 Software programs and modules to execute various functional applications and data processing, that is, to implement the key management method of each client generating the key components of the above-mentioned application.
  • the memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
  • the memory 104 may further include a memory remotely provided with respect to the processor 102, and these remote memories may be connected to the computer terminal 10 via a network.
  • networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the transmission module 106 is used to receive or send data via a network.
  • the above-mentioned specific examples of the network may include a wireless network provided by the communication provider of the computer terminal 10.
  • the transmission module 106 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet.
  • the transmission module 106 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
  • RF radio frequency
  • the embodiment of the present application also provides a specific implementation manner of an electronic device that can implement all the steps in the key management method for each client generating a key component in the foregoing embodiment, and the electronic device specifically includes the following content: a processor (processor), memory (memory), communication interface (Communications Interface), and bus; wherein the processor, memory, and communication interface communicate with each other through the bus; the processor is used to call the A computer program, when the processor executes the computer program, all the steps in the key management method for each client generating a key component in the above embodiments are implemented. For example, when the processor executes the computer program, the following The steps described:
  • Step 1 N clients and the key server complete the mutual authentication through the identity confirmation procedure, and issue authentication materials;
  • Step 2 The N clients and the key server establish a secure channel according to the authentication material
  • Step 3 The N clients each generate their own key components to obtain N key components;
  • Step 4 The N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and the key server.
  • each client in the key management system generates its own key component locally, which is finally based on the key component Generate the target public key to achieve key generation.
  • the embodiment of the present application also provides a computer-readable storage medium capable of implementing all the steps in the key management method for each client generating a key component in the above-mentioned embodiment, and the computer-readable storage medium stores a computer program
  • the computer program When the computer program is executed by the processor, all the steps of the key management method for the client to generate key components in the above embodiments are implemented. For example, when the processor executes the computer program, the following steps are implemented:
  • Step 1 N clients and the key server complete the mutual authentication through the identity confirmation procedure, and issue authentication materials;
  • Step 2 The N clients and the key server establish a secure channel according to the authentication material
  • Step 3 The N clients each generate their own key components to obtain N key components;
  • Step 4 The N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and the key server.
  • each client in the key management system generates its own key component locally, which is finally based on the key component Generate the target public key to achieve key generation.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • Computers, wearable devices, or any combination of these devices may be specifically implemented by computer chips or entities, or implemented by products with certain functions.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • each module can be implemented in the same one or more software and/or hardware, or a module that implements the same function can be implemented by a combination of multiple sub-modules or sub-units.
  • the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • controllers in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in the controller for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • the embodiments of this specification can be provided as methods, systems or computer program products. Therefore, the embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • the embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Abstract

Provided are a key management method in which clients separately generate key components, and an electronic device, being applied to a key management system. The key management system comprises N clients and a key server. The method comprises: the N clients and the key server perform mutual authentication by means of an identity confirmation program, and transmit authentication material; the N clients and the key server establish secure channels on the basis of the authentication material; the N clients separately generate key components that correspond to N clients, thereby obtaining N key components; the N clients and the key server calculate and obtain a target public key on the basis of the N key components, and return the target public key to the N clients and the key server. The method described above solves the problem of existing key management having low security and flexibility, and achieves the technical effect of efficiently enhancing key security and flexibility.

Description

客户端各自生成密钥分量的密钥管理方法和电子设备Key management method and electronic device for generating key components separately by clients 技术领域Technical field
本申请属于信息安全技术领域,尤其涉及一种客户端各自生成密钥分量的密钥管理方法和电子设备。This application belongs to the field of information security technology, and in particular relates to a key management method and electronic equipment for each client to generate key components.
背景技术Background technique
目前,针对密钥服务系统而言,一般都是由一个密钥服务器生成密钥,然后将生成的密钥分发给密钥使用方,这样势必会增加密钥服务器的负担,且因为是由单一密钥服务器生成的,导致所有的密钥生成规则都是密钥服务器自身指定和维护的,灵活性不高。At present, for the key service system, a key server generally generates the key, and then distributes the generated key to the key users. This will inevitably increase the burden on the key server, and because a single key server The key server generates all key generation rules, which are specified and maintained by the key server itself, which is not flexible.
针对现有的密钥系统中所存在的上述问题,目前尚未提出有效的解决方案。Aiming at the above-mentioned problems existing in the existing key system, no effective solution has been proposed at present.
发明内容Summary of the invention
本申请目的在于提供一种客户端各自生成密钥分量的密钥管理方法和电子设备,可以有效提升密钥管理系统的安全性和密钥管理的灵活性。The purpose of this application is to provide a key management method and electronic device for each client to generate key components, which can effectively improve the security of the key management system and the flexibility of key management.
本申请提供一种客户端各自生成密钥分量的密钥管理方法和电子设备是这样实现的:The present application provides a key management method and electronic device for generating key components by each client, which is implemented as follows:
一种客户端各自生成密钥分量的密钥管理方法,应用于密钥管理系统中,其中,所述密钥管理系统包括:N个客户端和一个密钥服务器,所述方法包括:A key management method for each client to generate key components is applied to a key management system, wherein the key management system includes: N clients and a key server, and the method includes:
所述N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;The N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;The N clients and the key server establish a secure channel according to the authentication material;
所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Each of the N clients generates their own corresponding key components to obtain N key components;
所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
在一个实施方式中,所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器,包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and all The key server includes:
所述N个客户端根据各自生成的密钥分量,计算出公钥分量,得到N份公钥分量;The N clients calculate the public key components according to the key components generated by them, and obtain N public key components;
从所述N个客户端中选择一个客户端作为第一客户端,其中,所述第一客户端为MPC计算方,所述第一客户端生成的公钥分量作为加密分量;Selecting a client from the N clients as the first client, where the first client is an MPC computing party, and the public key component generated by the first client is used as an encryption component;
所述N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第 一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量和公钥分量进行加密,得到N-1份密钥密文和N-1份公钥密文;A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair The first key subcomponent and the public key component are encrypted to obtain N-1 key ciphertexts and N-1 public key ciphertexts;
将所述N-1份密钥密文和N-1份公钥密文发送给所述密钥服务器;Sending the N-1 key ciphertext and N-1 public key ciphertext to the key server;
所述密钥服务器通过安全信道将所述N-1份密钥密文、N-1份第一密钥子分量明文和N-1份公钥密文发送给所述第一客户端;Sending, by the key server, the N-1 key ciphertext, N-1 first key subcomponent plaintext, and N-1 public key ciphertext to the first client through a secure channel;
所述第一客户端对所述N-1份密钥密文和N-1份公钥密文进行解密,得到N-1份密钥子分量和N-1份公钥分量,并使用所述加密分量对所述N-1份公钥分量进行签名,得到N-1份签名分量;The first client decrypts the N-1 key ciphertext and N-1 public key ciphertext to obtain N-1 key subcomponents and N-1 public key components, and use all The encrypted component signs the N-1 public key components to obtain N-1 signature components;
所述第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The first client and the key server initiate an MPC calculation through the secure channel to obtain a target public key, and return the target public key to the N clients and the key server.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
所述第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据;The first client initiates a signature request, wherein the signature request carries data to be signed;
所述N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量进行加密,得到N-1份密钥密文;A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair The first key subcomponent is encrypted to obtain N-1 key ciphertexts;
所述N个客户端中除所述第一客户端之外的客户端将所述N-1份密钥密文和N-1份第二密钥子分量明文发送给所述密钥服务器;Clients other than the first client among the N clients send the N-1 key ciphertext and N-1 second key subcomponent plaintext to the key server;
所述密钥服务器通过安全信道将所述N-1份密钥密文发送给所述第一客户端;Sending, by the key server, the N-1 key ciphertext to the first client through a secure channel;
所述第一客户端对所述N-1份密钥密文进行解密,得到N-1份密钥子分量;The first client decrypts the N-1 key ciphertext to obtain N-1 key subcomponents;
所述第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并将签名结果返回所述N个客户端和所述密钥服务器。The first client and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and return the signature result to the N clients and the key server.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
所述N个客户端中的各客户端通过备份方式获取备份密钥;Each of the N clients obtains a backup key through a backup method;
计算所述备份密钥的哈希值,并将所述哈希值发送至所述密钥服务器;Calculating the hash value of the backup key, and sending the hash value to the key server;
所述密钥服务器验证所述哈希值的正确性,在验证通过的情况下,返回所述目标公钥。The key server verifies the correctness of the hash value, and returns the target public key if the verification is passed.
在一个实施方式中,所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器,包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and all The key server includes:
所述密钥服务器生成服务密钥分量;The key server generates a service key component;
所述N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,计算得到目标公钥。The N clients and the key server initiate an MPC calculation through the secure channel, and the target public key is obtained by calculation.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据,所述第一客户端为所述N个客户端中的一个客户端;The first client initiates a signature request, where the signature request carries data to be signed, and the first client is one of the N clients;
所述N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并通过所述目标公钥验证签名结果的正确性。The N clients and the key server initiate MPC calculations through the secure channel, sign the data to be signed, and verify the correctness of the signature result through the target public key.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
所述N个客户端和所述密钥服务器,通过所述安全信道,发起MPC计算得到N+1份备份密钥分量,并对所述N+1份备份密钥分量进行签名,得到N+1份备份签名分量;The N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 backup key components, and sign the N+1 backup key components to obtain N+ 1 backup signature component;
将所述N+1份备份密钥分量和N份备份签名分量,一一对应地下发至所述N个客户端中的各个客户端和密钥服务器;Sending the N+1 backup key components and N backup signature components in a one-to-one correspondence to each of the N clients and the key server;
所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的备份签名分量的有效性,在验证通过的情况下,保存接收到的备份密钥分量。The N clients and the key server verify the validity of the received backup signature component through the target public key, and if the verification is passed, save the received backup key component.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
接收恢复请求方的恢复请求,其中,所述恢复请求方为所述N个客户端中的一个设备,所述恢复请求中携带有所述恢复请求方自身的密钥分量和所述目标公钥;Receive a restoration request from a restoration requester, where the restoration requester is one of the N clients, and the restoration request carries the key component of the restoration requester and the target public key ;
所述N个客户端中除所述恢复请求方之外的客户端通过备份方式获取自身备份的密钥分量;Clients other than the restore requester among the N clients obtain their own backup key components through a backup method;
所述N个客户端和所述密钥服务器通过所述安全信道,发起MPC计算生成验证公钥,并确定所述验证公钥与所述目标公钥是否相同,在确定相同的情况下,进行MPC 计算得到N+1份恢复密钥分量,并对所述N+1份恢复密钥分量进行签名,得到N+1份恢复签名分量;The N clients and the key server initiate an MPC calculation to generate a verification public key through the secure channel, and determine whether the verification public key is the same as the target public key, and if it is determined to be the same, proceed MPC calculates to obtain N+1 restoration key components, and signs the N+1 restoration key components to obtain N+1 restoration signature components;
将所述N+1份恢复密钥分量和所述N+1份恢复签名分量,一一对应地发送至所述N个客户端和所述密钥服务器;Sending the N+1 restoration key components and the N+1 restoration signature components to the N clients and the key server in a one-to-one correspondence;
所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的恢复签名分量的有效性,在验证通过的情况下,更新并保存接收到的恢复密钥分量。The N clients and the key server verify the validity of the received restoration signature component through the target public key, and if the verification is passed, update and save the received restoration key component.
在一个实施方式中,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:In one embodiment, the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and After the key server, it also includes:
所述N个客户端和所述密钥服务器,通过所述安全信道,发起MPC计算得到N+1份刷新密钥分量,并对所述N+1份刷新密钥分量进行签名,得到N+1份刷新签名分量;The N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 refresh key components, and sign the N+1 refresh key components to obtain N+ 1 refresh signature component;
将所述N+1份刷新密钥分量和N份刷新签名分量,一一对应地下发至所述N个客户端中的各个客户端和密钥服务器;Sending the N+1 refresh key components and N refresh signature components in a one-to-one correspondence to each of the N clients and the key server;
所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的刷新签名分量的有效性,在验证通过的情况下,保存接收到的刷新密钥分量。The N clients and the key server verify the validity of the received refresh signature component through the target public key, and if the verification passes, save the received refresh key component.
一种电子设备,包括处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现如下方法的步骤:An electronic device includes a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the following method when executing the instructions:
N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;The N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;The N clients and the key server establish a secure channel according to the authentication material;
所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Each of the N clients generates their own corresponding key components to obtain N key components;
所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
一种计算机可读存储介质,其上存储有计算机指令,所述指令被执行时实现如下方法的步骤:A computer-readable storage medium having computer instructions stored thereon, which implement the steps of the following method when the instructions are executed:
N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;The N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;The N clients and the key server establish a secure channel according to the authentication material;
所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Each of the N clients generates their own corresponding key components to obtain N key components;
所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
本申请提供的客户端各自生成密钥分量的密钥管理方法和电子设备,密钥管理系统 中的各个客户端在本地生成自身的密钥分量,最终基于密钥分量生成目标公钥,以实现密钥的生成。通过上述方式解决了现有的密钥管理中所存在的安全性和灵活性低的问题,达到了有效提升密钥安全性和灵活性的技术效果。This application provides a key management method and electronic device for each client to generate a key component. Each client in the key management system generates its own key component locally, and finally generates a target public key based on the key component to achieve Key generation. Through the above method, the problem of low security and low flexibility in the existing key management is solved, and the technical effect of effectively improving the security and flexibility of the key is achieved.
附图说明Description of the drawings
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly describe the technical solutions in the embodiments of the present application or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments described in this application. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative labor.
图1是本申请提供的密钥系统的架构图;Figure 1 is an architectural diagram of the key system provided by this application;
图2是本申请提供的客户端为客户端各自生成密钥分量的密钥管理方法的流程图;FIG. 2 is a flowchart of a key management method for a client to generate key components for each client provided by this application;
图3是本申请提供的实例1的密钥生成的交互示意图;Figure 3 is a schematic diagram of the interaction of the key generation of Example 1 provided by this application;
图4是本申请提供的实例1的密钥使用的交互示意图;Figure 4 is a schematic diagram of the interaction of the key usage of Example 1 provided by the present application;
图5是本申请提供的实例1的密钥备份的交互示意图;Figure 5 is a schematic diagram of the interaction of the key backup of Example 1 provided by this application;
图6是本申请提供的实例1的密钥恢复的交互示意图;6 is a schematic diagram of the interaction of the key recovery of Example 1 provided by this application;
图7是本申请提供的实例2的密钥生成的交互示意图;FIG. 7 is a schematic diagram of the interaction of the key generation of Example 2 provided by this application;
图8是本申请提供的实例2的密钥使用的交互示意图;FIG. 8 is a schematic diagram of the interaction of the key usage of Example 2 provided by this application;
图9是本申请提供的实例2的密钥备份的交互示意图;FIG. 9 is a schematic diagram of the interaction of the key backup of Example 2 provided by the present application;
图10是本申请提供的实例2的密钥恢复的交互示意图;FIG. 10 is a schematic diagram of the interaction of the key recovery of Example 2 provided by this application;
图11是本申请提供的实例2的密钥刷新的交互示意图;FIG. 11 is a schematic diagram of the interaction of the key refresh of Example 2 provided by the present application;
图12是本申请提供的电子设备的结构示意图。FIG. 12 is a schematic diagram of the structure of the electronic device provided by the present application.
具体实施方式detailed description
为了使本技术领域的人员更好地理解本申请中的技术方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本申请保护的范围。In order to enable those skilled in the art to better understand the technical solutions in the application, the following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Obviously, the described The embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
考虑到现有的是由密钥服务器单方面生成密钥,导致灵活性和安全性较低的问题,在本例中,密钥管理系统中的各个客户端在本地生成自身的密钥分量,最终基于密钥分 量生成目标公钥,以实现密钥的生成。在使用的时候,客户端和密钥服务器使用这些密钥分量进行签名、更新等操作,从而可以提升密钥生成的灵活性和密钥的安全性。Considering that the existing key server generates the key unilaterally, which leads to the problem of low flexibility and security. In this example, each client in the key management system generates its own key component locally, which is finally based on The key component generates the target public key to achieve key generation. When in use, the client and the key server use these key components to perform operations such as signing and updating, thereby improving the flexibility of key generation and the security of the key.
在本例中所提供的客户端各自生成密钥分量的密钥管理方法,应用于密钥管理系统,该密钥管理系统可以如图1所示,包括:N个客户端和一个密钥服务器,其中,N为大于等于2的正整数。In this example, the key management method for each client to generate a key component is applied to a key management system. The key management system may be as shown in Figure 1, including: N clients and a key server , Where N is a positive integer greater than or equal to 2.
图2是本申请所述一种客户端各自生成密钥分量的密钥管理方法一个实施例的方法流程图。虽然本申请提供了如下述实施例或附图所示的方法操作步骤或装置结构,但基于常规或者无需创造性的劳动在所述方法或装置中可以包括更多或者更少的操作步骤或模块单元。在逻辑性上不存在必要因果关系的步骤或结构中,这些步骤的执行顺序或装置的模块结构不限于本申请实施例描述及附图所示的执行顺序或模块结构。所述的方法或模块结构的在实际中的装置或终端产品应用时,可以按照实施例或者附图所示的方法或模块结构连接进行顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至分布式处理环境)。Fig. 2 is a method flowchart of an embodiment of a key management method for each client to generate a key component according to the present application. Although this application provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or fewer operation steps or module units based on conventional or no creative labor. . In steps or structures where there is no necessary causal relationship logically, the execution order of these steps or the module structure of the device is not limited to the execution order or module structure shown in the description of the embodiments of this application and the drawings. When the described method or module structure is applied to an actual device or terminal product, it can be executed sequentially or in parallel according to the method or module structure connection shown in the embodiments or drawings (for example, parallel processor or multi-threaded processing Environment, even distributed processing environment).
具体的,如图2所示,本申请一种实施例提供的一种客户端各自生成密钥分量的密钥管理方法可以包括如下步骤::Specifically, as shown in FIG. 2, a key management method for each client to generate key components provided by an embodiment of the present application may include the following steps:
步骤201:N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;Step 201: N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
其中,上述的客户端为密钥使用方,包括但不限于App、应用服务器等,客户端具体以哪种形式存在可以根据实际需要选择,本申请对此不作限定。上述的密钥服务器为密钥服务方,用于提供密钥相关服务。Among them, the above-mentioned client is a key user, including but not limited to App, application server, etc. The specific form of the client can be selected according to actual needs, and this application does not limit this. The above-mentioned key server is a key service party and is used to provide key related services.
步骤202:N个客户端与所述密钥服务器根据所述认证材料建立安全通道;Step 202: N clients and the key server establish a secure channel according to the authentication material;
上述的安全信道,可以是基于KYC(Know your customer,确认身份程序)完成双向认证后建立的。其中,确认身份程序可以包括但不限于以下至少之一:手机短信、邮箱验证码、账号密码、指纹、人脸、证书等。The above-mentioned secure channel may be established after completing mutual authentication based on KYC (Know your customer, identity confirmation procedure). Wherein, the identity confirmation procedure may include but is not limited to at least one of the following: mobile phone short message, email verification code, account password, fingerprint, face, certificate, etc.
步骤203:N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Step 203: N clients each generate their own corresponding key components to obtain N key components;
例如:客户端1生成密钥分量SK1,S3:客户端2~n在本地生成密钥分量SK2~n。For example: Client 1 generates key components SK1, S3: Clients 2 to n locally generate key components SK2 to n.
步骤204:N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。Step 204: N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
具体的,在上述步骤204中,可以通过两方MPC(Secure Multi-Party Computation,安全多方计算)生成目标公钥,也可以通过多方MPC生成目标公钥。两方MPC就是设 备中的任意两个进行MPC计算,多方MPC就是设备中的所有设备都参与的MPC计算。Specifically, in step 204, the target public key may be generated by a two-party MPC (Secure Multi-Party Computation), or the target public key may be generated by a multi-party MPC. Two-party MPC means that any two of the devices perform MPC calculations, and multi-party MPC means that all devices in the device participate in MPC calculations.
MPC是在没有可信第三方的前提下,两个百万富翁如何不泄露自己的真实财产状况来比较谁更有钱。MPC可以在保证各方数据安全的同时,联合使用各方数据来达到特定的效果,从而充分发挥数据的价值。多个持有各自私有数据的参与方,共同执行一个计算逻辑计算逻辑(如,求最大值计算),并获得计算结果。但过程中,参与的每一方均不会泄漏各自数据的计算,被称之为MPC计算,MPC计算可以通过对协议的设计而不用依赖于可信第三方。安全多方计算可以抽象的理解为:两方分别拥有各自的私有数据,在不泄漏各自私有数据的情况下,能够计算出关于公共函数的结果。整个计算完成时,只有计算结果对双方可知,且双方均不知对方的数据以及计算过程的中间数据。MPC is how two millionaires can compare who is richer without revealing their true property status without a trusted third party. MPC can ensure the data security of all parties, and at the same time, jointly use the data of all parties to achieve specific effects, so as to give full play to the value of data. Multiple participants holding their own private data jointly execute a calculation logic calculation logic (such as a maximum value calculation) and obtain the calculation result. However, in the process, each party participating in the calculation will not leak their own data, which is called MPC calculation. MPC calculation can design the protocol without relying on a trusted third party. Secure multi-party computing can be abstractly understood as: two parties have their own private data, and can calculate the result of the public function without leaking their private data. When the entire calculation is completed, only the calculation result is known to both parties, and neither party knows the other's data and the intermediate data of the calculation process.
下面对两方MPC进行密钥生成、使用、备份、刷新说明如下:The following describes the key generation, use, backup, and refresh of the two-party MPC:
通过两方MPC生成密钥分量和目标私钥,可以包括如下步骤:The key component and target private key generated by the two-party MPC may include the following steps:
S1:N个客户端根据各自生成的密钥分量,计算出公钥分量,得到N份公钥分量;S1: N clients calculate the public key components according to the key components they generate, and obtain N public key components;
S2:从所述N个客户端中选择一个客户端作为第一客户端,其中,所述第一客户端为MPC计算方,所述第一客户端生成的公钥分量作为加密分量;S2: Select a client from the N clients as the first client, where the first client is an MPC computing party, and the public key component generated by the first client is used as an encryption component;
S3:所述N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量和公钥分量进行加密,得到N-1份密钥密文和N-1份公钥密文;S3: A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and passes the encryption The component encrypts the first key subcomponent and the public key component to obtain N-1 key ciphertexts and N-1 public key ciphertexts;
S4:将所述N-1份密钥密文和N-1份公钥密文发送给所述密钥服务器;S4: Send the N-1 key ciphertext and N-1 public key ciphertext to the key server;
S5:密钥服务器通过安全信道将所述N-1份密钥密文、N-1份第一密钥子分量明文和N-1份公钥密文发送给所述第一客户端;S5: The key server sends the N-1 key ciphertext, N-1 first key subcomponent plaintext, and N-1 public key ciphertext to the first client through a secure channel;
S6:第一客户端对所述N-1份密钥密文和N-1份公钥密文进行解密,得到N-1份密钥子分量和N-1份公钥分量,并使用所述加密分量对所述N-1份公钥分量进行签名,得到N-1份签名分量;S6: The first client decrypts the N-1 key ciphertext and N-1 public key ciphertext to obtain N-1 key subcomponents and N-1 public key components, and use all The encrypted component signs the N-1 public key components to obtain N-1 signature components;
S7:第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。S7: The first client and the key server initiate an MPC calculation through the secure channel to obtain a target public key, and return the target public key to the N clients and the key server.
即,在生成目标公钥的过程,不仅通过安全信道和MPC计算,还生成数据的密文,从而可以同时保证数据传输和数据计算过程中数据的安全性。That is, in the process of generating the target public key, not only the secure channel and MPC calculation are used, but also the ciphertext of the data is generated, so that the security of the data in the data transmission and data calculation process can be guaranteed at the same time.
通过两方MPC生成密钥分量和目标私钥之后,可以按照如下步骤进行签名:After the key component and target private key are generated by the two-party MPC, you can sign according to the following steps:
S1:第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据;S1: The first client initiates a signature request, where the signature request carries data to be signed;
S2:N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第 一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量进行加密,得到N-1份密钥密文;S2: A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encryption component pair The first key subcomponent is encrypted to obtain N-1 key ciphertexts;
S3:N个客户端中除所述第一客户端之外的客户端将所述N-1份密钥密文和N-1份第二密钥子分量明文发送给所述密钥服务器;S3: Clients other than the first client among the N clients send the N-1 key ciphertext and N-1 second key subcomponent plaintext to the key server;
S4:密钥服务器通过安全信道将所述N-1份密钥密文发送给所述第一客户端;S4: The key server sends the N-1 key ciphertext to the first client through a secure channel;
S5:第一客户端对所述N-1份密钥密文进行解密,得到N-1份密钥子分量;S5: The first client decrypts the N-1 key ciphertext to obtain N-1 key subcomponents;
S6:第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并将签名结果返回所述N个客户端和所述密钥服务器。S6: The first client and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and return the signature result to the N clients and the key server.
在通过两方MPC生成密钥分量和目标私钥之后,可以按照如下步骤备份密钥分量:After generating the key component and the target private key through the two-party MPC, the key component can be backed up as follows:
S1:N个客户端中的各客户端通过备份方式获取备份密钥;S1: Each of the N clients obtains the backup key through a backup method;
S2:计算所述备份密钥的哈希值,并将所述哈希值发送至所述密钥服务器;S2: Calculate the hash value of the backup key, and send the hash value to the key server;
S3:密钥服务器验证所述哈希值的正确性,在验证通过的情况下,返回所述目标公钥。S3: The key server verifies the correctness of the hash value, and returns the target public key if the verification is passed.
通过多方MPC生成密钥分量,可以包括如下步骤:Generating key components through multi-party MPC may include the following steps:
S1:密钥服务器生成服务密钥分量;S1: The key server generates the service key component;
S2:N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,计算得到目标公钥。S2: N clients and the key server initiate an MPC calculation through the secure channel, and the target public key is obtained by calculation.
在通过两方MPC生成密钥分量和目标私钥之后,可以按照如下步骤进行签名:After generating the key component and the target private key through the two-party MPC, you can sign according to the following steps:
S1:第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据,所述第一客户端为所述N个客户端中的一个客户端;S1: The first client initiates a signature request, where the signature request carries data to be signed, and the first client is one of the N clients;
S2:N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并通过所述目标公钥验证签名结果的正确性。S2: N clients and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and verify the correctness of the signature result through the target public key.
在通过两方MPC生成密钥分量和目标私钥之后,可以按照如下步骤进行备份或刷新:After the key component and target private key are generated by the two-party MPC, you can back up or refresh according to the following steps:
S1:所述N个客户端和所述密钥服务器,通过所述安全信道,发起MPC计算得到N+1份备份密钥分量(或刷新密钥分量),并对所述N+1份备份密钥分量(或刷新密钥分量)进行签名,得到N+1份备份签名分量(或刷新签名分量);S1: The N clients and the key server initiate MPC calculation through the secure channel to obtain N+1 backup key components (or refresh key components), and back up the N+1 copies Sign the key component (or refresh key component) to obtain N+1 backup signature components (or refresh signature components);
S2:将所述N+1份备份密钥分量(或刷新密钥分量)和N份备份签名分量(或刷新签名分量),一一对应地下发至所述N个客户端中的各个客户端和密钥服务器;S2: Send the N+1 backup key components (or refresh key components) and N backup signature components (or refresh signature components) to each of the N clients in a one-to-one correspondence And key server;
S3:N个客户端和所述密钥服务器通过所述目标公钥验证接收到的备份签名分量(或 刷新签名分量)的有效性,在验证通过的情况下,保存接收到的备份密钥分量(或刷新密钥分量)。S3: N clients and the key server verify the validity of the received backup signature component (or refresh signature component) through the target public key, and if the verification is passed, save the received backup key component (Or refresh the key component).
在通过两方MPC生成密钥分量和目标私钥之后,可以按照如下步骤进行恢复:After generating the key component and the target private key through the two-party MPC, you can follow the steps below to recover:
S1:接收恢复请求方的恢复请求,其中,所述恢复请求方为所述N个客户端中的一个设备,所述恢复请求中携带有所述恢复请求方自身的密钥分量和所述目标公钥;S1: Receive a recovery request from a recovery requester, where the recovery requester is one of the N clients, and the recovery request carries the key component of the recovery requester and the target Public key
S2:N个客户端中除所述恢复请求方之外的客户端通过备份方式获取自身备份的密钥分量;S2: Clients other than the restore requester among the N clients obtain their own backup key components through a backup method;
S3:N个客户端和所述密钥服务器通过所述安全信道,发起MPC计算生成验证公钥,并确定所述验证公钥与所述目标公钥是否相同,在确定相同的情况下,进行MPC计算得到N+1份恢复密钥分量,并对所述N+1份恢复密钥分量进行签名,得到N+1份恢复签名分量;S3: N clients and the key server initiate MPC calculation to generate a verification public key through the secure channel, and determine whether the verification public key is the same as the target public key, and if it is determined to be the same, proceed MPC calculates to obtain N+1 restoration key components, and signs the N+1 restoration key components to obtain N+1 restoration signature components;
S4:将N+1份恢复密钥分量和所述N+1份恢复签名分量,一一对应地发送至所述N个客户端和所述密钥服务器;S4: Send N+1 restoration key components and the N+1 restoration signature components to the N clients and the key server in a one-to-one correspondence;
S5:N个客户端和所述密钥服务器通过所述目标公钥验证接收到的恢复签名分量的有效性,在验证通过的情况下,更新并保存接收到的恢复密钥分量。S5: N clients and the key server verify the validity of the received restoration signature component through the target public key, and if the verification is passed, update and save the received restoration key component.
下面结合几个具体实例对上述方法进行说明,然而,值得注意的是,该具体实例仅是为了更好地说明本申请,并不构成对本申请的不当限定。The above method will be described below in conjunction with several specific examples. However, it is worth noting that this specific example is only to better illustrate the application and does not constitute an improper limitation of the application.
实例1Example 1
在本例中,提供了一种基于安全两方计算通过一个服务端多个客户端生成并保管的密钥管理方法,具体的,不同客户端独立生成密钥分量最后使用两方MPC生成公钥,通过两方MPC使用客户端和密钥服务器计算签名。In this example, a method for key management based on secure two-party calculations generated and kept by multiple clients on a server is provided. Specifically, different clients independently generate key components and finally use two-party MPC to generate public keys. , Through the two-party MPC using the client and the key server to calculate the signature.
基于此,在密钥管理系统中密钥生成、使用、存储、备份、恢复等操作可以按照如下方式进行:Based on this, operations such as key generation, use, storage, backup, and restoration in the key management system can be performed as follows:
1)生成1) Generate
如图3所示,可以包括如下步骤:As shown in Figure 3, the following steps can be included:
S1:客户端1生成密钥分量SK1,并通过SK1计算出公钥PK1;S1: Client 1 generates key component SK1, and calculates public key PK1 through SK1;
S2:客户端1与密钥服务器通过KYC完成双向认证完成注册操作,并发起密钥生成请求;S2: Client 1 and the key server complete mutual authentication through KYC to complete the registration operation, and initiate a key generation request;
S3:客户端2~n分别通过查询获取客户端1的生成请求,并在本地生成密钥分量SK2~n,计算出公钥PK2~n;S3: Clients 2 to n obtain the generation request of client 1 through query respectively, and locally generate key components SK2 to n, and calculate public keys PK2 to n;
S4:客户端2~n分别与密钥服务器通过KYC完成双向认证,以完成注册操作,然后,将SK2拆分成SK2-1和SK2-2,将SK2-1和PK2使用PK1进行加密。并将PK1(SK2-1)密文、PK1(PK2)密文与SK2-2明文传给密钥服务器。以此类推,SKn拆分成SKn-1和SKn-2,将SKn-2、PKn使用PK1进行加密,并将PK1(SKn-1)密文、PK1(PKn)密文与SKn-2明文传给密钥服务器;S4: Clients 2~n complete mutual authentication with the key server through KYC respectively to complete the registration operation, then split SK2 into SK2-1 and SK2-2, and encrypt SK2-1 and PK2 with PK1. And send PK1 (SK2-1) ciphertext, PK1 (PK2) ciphertext and SK2-2 plaintext to the key server. By analogy, SKn is split into SKn-1 and SKn-2, SKn-2 and PKn are encrypted with PK1, and PK1 (SKn-1) ciphertext, PK1 (PKn) ciphertext and SKn-2 are transmitted in plaintext. To the key server;
S5:密钥服务器通过安全信道,将密文信息PK1(SK2-1)、PK1(SK3-1)...PK1(Skn-1)与PK1(PK2)....PK1(PKn)发送给客户端1;S5: The key server sends the cipher text information PK1(SK2-1), PK1(SK3-1)...PK1(Skn-1) and PK1(PK2)...PK1(PKn) through the secure channel Client 1
S6:客户端1解密得到SK2-1、SK3-1...SKn-1与PK2、PK3...PKn,然后,将PK2...PKn使用SK1进行签名获得签名内容S2...Sn;S6: Client 1 decrypts to obtain SK2-1, SK3-1...SKn-1 and PK2, PK3...PKn, and then signs PK2...PKn with SK1 to obtain signature content S2...Sn;
S7:客户端1将PK2...PKn明文以及签名S2...Sn发送给密钥服务器保存;S7: Client 1 sends PK2...PKn plaintext and signatures S2...Sn to the key server for storage;
S8:客户端1与密钥服务器通过认证材料鉴权并建立安全信道,发起MPC计算:通过密钥分量SK1~n计算出私钥SK,并通过私钥SK计算出公钥PK。并将公钥PK返回给客户端与密钥服务器,分别保存。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管是计算过程中,还是使用过程中),SK1~n均没有在计算交互过程中出现(即没有在网络层传输SK1~n用于计算)。S8: The client 1 and the key server authenticate through the authentication material and establish a secure channel, and initiate MPC calculation: calculate the private key SK through the key components SK1 to n, and calculate the public key PK through the private key SK. And return the public key PK to the client and the key server and save them separately. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SK1~n did not appear in the process of computing interaction (that is, not in the network Layer transmission SK1-n is used for calculation).
2)使用2) use
如图4所示,可以包括如下步骤:As shown in Figure 4, the following steps can be included:
S1:客户端1发起签名请求,并提供公钥PK作为唯一标识以及待签名数据;S1: Client 1 initiates a signature request and provides the public key PK as a unique identifier and data to be signed;
S2:客户端2~n与密钥服务器通过KYC完成双向认证并建立安全信道,然后,将SK2拆分成SK2-1和SK2-2,将SK2-1使用PK1进行加密。并将PK1(SK2-1)密文与SK2-2明文传给密钥服务器。以此类推,SKn拆分成SKn-1和SKn-2,将SKn-2使用PK1进行加密,并将PK1(SKn-1)密文与SKn-2明文传给密钥服务器;S2: The client 2~n and the key server complete mutual authentication through KYC and establish a secure channel. Then, SK2 is split into SK2-1 and SK2-2, and SK2-1 is encrypted using PK1. And send the ciphertext of PK1 (SK2-1) and the plaintext of SK2-2 to the key server. By analogy, SKn is split into SKn-1 and SKn-2, SKn-2 is encrypted with PK1, and the ciphertext of PK1 (SKn-1) and SKn-2 are transmitted to the key server;
S3:密钥服务器通过安全信道将密文信息PK1(SK2-1)、PK1(SK3-1)...PK1(Skn-1)发送给客户端1;S3: The key server sends the cipher text information PK1 (SK2-1), PK1 (SK3-1)...PK1 (Skn-1) to the client 1 through the secure channel;
S4:客户端1解密获得SK2-1、SK3-1...SKn-1;S4: Client 1 decrypts to obtain SK2-1, SK3-1...SKn-1;
S5:客户端1与密钥服务器通过认证材料鉴权建立安全信道,发起MPC计算:通过密钥分量SK1~n计算出私钥SK,并通过私钥SK对待签名数据进行签名。将签名返回给客户端与密钥服务器。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管是计算过程中,还是使用过程中),SK1~n均没有在计算交互过程中出现(即没有在网络层传输SKs、SK1~n用于计算)。S5: The client 1 and the key server establish a secure channel through authentication material authentication, and initiate MPC calculation: the private key SK is calculated through the key components SK1 to n, and the private key SK is used to sign the data to be signed. Return the signature to the client and the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SK1~n did not appear in the process of computing interaction (that is, not in the network Layer transmission SKs, SK1~n are used for calculation).
3)存储3) storage
密钥或密钥分量可以通过但不限于以下形式之一保存:The key or key component can be stored in one of the following forms, but not limited to:
数据库:通过数据库保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;Database: Save the key or key component through the database, where the key or key component can be encrypted and stored;
密钥文件:通过导出密钥文件形式保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;Key file: save the key or key component by exporting the key file, where the key or key component can be encrypted and stored;
HSM:通过硬件安全模块保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;HSM: Save the key or key component through the hardware security module, where the key or key component can be encrypted and stored;
助记词:将密钥活密钥分量通过转换生成一系列助记词进行保存;Mnemonic: Convert the key and the key component to generate a series of mnemonics for storage;
二维码:通过密钥或密钥分量生成对应二维码进行保存,其中密钥或密钥分量可以加密保存。Two-dimensional code: The corresponding two-dimensional code is generated by the key or key component for storage, where the key or key component can be encrypted and stored.
4)备份4) backup
如图5所示,客户端在生成密钥分量SK1~n的过程中,直接对密钥分量SK1~n进行备份保存。As shown in Figure 5, in the process of generating the key components SK1-n, the client directly backs up the key components SK1-n.
5)恢复5) Recovery
如图6所示,可以包括如下步骤:As shown in Figure 6, the following steps can be included:
S1:客户端通过备份方式获取备份密钥,并将密钥计算Hash值发送给密钥服务器,发起密钥恢复请求;S1: The client obtains the backup key through the backup method, and sends the key calculation hash value to the key server to initiate a key recovery request;
S2:密钥服务器接收到恢复请求之后,验证Hash值的正确性,若正确,则返回公钥PK。S2: After receiving the recovery request, the key server verifies the correctness of the hash value, and if it is correct, returns the public key PK.
实例2Example 2
在本例中,提供了一种基于安全多方计算通过一个服务端多个客户端生成并保管的密钥管理方法,具体的,多个客户端与密钥服务器分别生成私钥分量通过MPC计算获得公钥,通过MPC使用多个客户端和密钥服务器计算签名,通过某个客户端的私钥分量进行MPC计算刷新多个客户端与密钥服务器的分量。In this example, a method for key management based on secure multi-party calculations generated and stored by multiple clients on a server is provided. Specifically, multiple clients and key servers respectively generate private key components through MPC calculations. The public key uses multiple clients and key servers to calculate the signature through MPC, and uses the private key component of a certain client to perform MPC calculation to refresh the components of multiple clients and key servers.
基于此,在密钥管理系统中密钥生成、使用、存储、备份、恢复、刷新等操作可以按照如下方式进行:Based on this, operations such as key generation, use, storage, backup, restoration, and refresh in the key management system can be performed as follows:
1)生成1) Generate
如图7所示,可以包括如下步骤:As shown in Figure 7, the following steps can be included:
S1:客户端与密钥服务器通过KYC完成双向认证,并下发认证材料完成注册流程;S1: The client and the key server complete two-way authentication through KYC, and issue authentication materials to complete the registration process;
S2:客户端分别生成密钥分量并保存,例如:客户端1生成密钥分量SK1,客户端 2生成密钥分量SK2;以此类推,客户端n生成密钥分量SKn;S2: Clients generate and save key components respectively, for example: client 1 generates key component SK1, client 2 generates key component SK2; and so on, client n generates key component SKn;
S3:密钥服务器在接收到密钥生成请求后,生成密钥分量SKs并保存;S3: After receiving the key generation request, the key server generates and saves the key component SKs;
S4:客户端与密钥服务器通过认证材料鉴权建立安全信道,发起MPC计算:通过密钥分量SKs、SK1~n计算出私钥SK,并通过私钥SK算出公钥PK。并将公钥返回给客户端与密钥服务器,客户端和密钥服务器分别进行保存。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管是计算过程中,还是使用过程中),SKa、SK1~n均没有在计算交互过程中出现(即没有在网络层传输SKs、SK1~n用于计算)。S4: The client and the key server establish a secure channel through authentication material authentication, and initiate MPC calculation: calculate the private key SK through the key components SKs, SK1~n, and calculate the public key PK through the private key SK. The public key is returned to the client and the key server, and the client and the key server are stored separately. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during calculation or during use), and SKa and SK1~n did not appear in the calculation interaction process (that is, no SKs, SK1~n are transmitted at the network layer for calculation).
2)使用2) use
如图8所示,可以包括如下步骤:As shown in Figure 8, the following steps can be included:
S1:客户端1发起签名请求,并提供公钥PK作为唯一标识以及待签名数据;S1: Client 1 initiates a signature request and provides the public key PK as a unique identifier and data to be signed;
S2:客户端与密钥服务器通过KYC完成双向认证并建立安全信道;S2: The client and the key server complete mutual authentication and establish a secure channel through KYC;
S3:客户端与密钥服务器通过安全信道发起MPC计算:对待签名数据进行签名操作,并通过PK公钥验证签名的正确性。S3: The client and the key server initiate an MPC calculation through a secure channel: perform a signature operation on the data to be signed, and verify the correctness of the signature through the PK public key.
3)存储3) storage
密钥或密钥分量可以通过但不限于以下形式之一保存:The key or key component can be stored in one of the following forms, but not limited to:
数据库:通过数据库保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;Database: Save the key or key component through the database, where the key or key component can be encrypted and stored;
密钥文件:通过导出密钥文件形式保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;Key file: save the key or key component by exporting the key file, where the key or key component can be encrypted and stored;
HSM:通过硬件安全模块保存密钥或密钥分量,其中密钥或密钥分量可以加密保存;HSM: Save the key or key component through the hardware security module, where the key or key component can be encrypted and stored;
助记词:将密钥活密钥分量通过转换生成一系列助记词进行保存;Mnemonic: Convert the key and the key component to generate a series of mnemonics for storage;
二维码:通过密钥或密钥分量生成对应二维码进行保存,其中密钥或密钥分量可以加密保存。Two-dimensional code: The corresponding two-dimensional code is generated by the key or key component for storage, where the key or key component can be encrypted and stored.
4)备份4) backup
如图9所示,可以包括如下步骤:As shown in Figure 9, the following steps can be included:
S1:客户端1发起备份密钥请求,通过KYC完成双向认证并建立安全信道;S1: Client 1 initiates a backup key request, completes two-way authentication through KYC and establishes a secure channel;
S2:客户端与密钥服务器通过安全信道发起MPC计算:生成私钥SK,并通过secret sharing算法生成SK1~SKn+1,使用SK对SK1~SKn+1进行签名,生成签名S1~Sn+1。将签名分别下发给不同的密钥服务器、客户端。例如:下发SK1、S1至客户端1;下发SK2、S2至客户端2;以此类推,下发SKn、Sn至客户端n;SKn+1、Sn+1至密钥服务 器。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管是计算过程中,还是使用过程中);S2: The client and the key server initiate MPC calculations through a secure channel: generate a private key SK, and generate SK1~SKn+1 through the secret sharing algorithm, use SK to sign SK1~SKn+1, and generate signatures S1~Sn+1 . Distribute the signatures to different key servers and clients. For example: issue SK1, S1 to client 1; issue SK2, S2 to client 2; and so on, issue SKn, Sn to client n; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during the calculation process or during use);
S3:各个客户端和密钥服务器通过之前存储的公钥PK验证接收到的签名分量的有效性,如果有效,则保存备份接收到的密钥分量。S3: Each client and key server verifies the validity of the received signature component through the previously stored public key PK, and if it is valid, saves the received key component for backup.
5)恢复5) Recovery
如图10所示,可以包括如下步骤:As shown in Figure 10, the following steps can be included:
S1:假设客户端1需要恢复密钥,通过备份方式获取备份密钥,使用备份密钥分量SK1、PK发起密钥恢复请求;S1: Assuming that client 1 needs to restore the key, obtain the backup key through backup, and use the backup key components SK1 and PK to initiate a key restoration request;
S2:客户端2~n接收到客户端1发起的密钥恢复请求,并同意。然后各自通过备份方式获取备份密钥,提供SK2~SKn用于配合恢复密钥;S2: Clients 2 to n receive the key recovery request initiated by client 1 and agree. Then each obtain the backup key through the backup method, and provide SK2~SKn to cooperate with the recovery key;
S3:客户端与密钥服务器通过KYC完成双向认证并建立安全信道;S3: The client and the key server complete mutual authentication and establish a secure channel through KYC;
S4:客户端与密钥服务器通过安全信道发起MPC计算验证备份分量是否正确:计算私钥SK,通过SK生成公钥PK,若PK与保存的PK相同,则验证通过。若通过验证,则进行MPC计算恢复密钥分量:计算私钥SK,并通过secret sharing算法生成SK1~SKn+1,使用SK对SK1~SKn+1进行签名,生成签名S1~Sn+1。将签名分别下发给不同的客户端和密钥服务器,例如:下发SK1、S1至客户端1;下发SK2、S2至客户端2;以此类推,下发SKn、Sn至客户端n;SKn+1、Sn+1至密钥服务器。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管是计算过程中,还是使用过程中);S4: The client and the key server initiate an MPC calculation through the secure channel to verify whether the backup component is correct: calculate the private key SK, and generate the public key PK through the SK. If the PK is the same as the stored PK, the verification is passed. If the verification is passed, the MPC calculates the recovery key component: calculates the private key SK, generates SK1~SKn+1 through the secret sharing algorithm, and uses SK to sign SK1~SKn+1 to generate signatures S1~Sn+1. Send the signatures to different clients and key servers, for example: send SK1 and S1 to client 1; send SK2 and S2 to client 2; and so on, send SKn and Sn to client n ; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (either during the calculation process or during use);
S5:各个客户端和密钥服务器通过之前存储的公钥PK验证签名有效性,若有效,则更新并保存密钥分量。S5: Each client and the key server verify the validity of the signature through the previously stored public key PK, and if it is valid, update and save the key component.
6)刷新6) refresh
如图11所示,可以包括如下步骤:As shown in Figure 11, the following steps can be included:
S1:客户端或密钥服务器发起刷新密钥请求,通过KYC完成双向认证并建立安全信道;S1: The client or key server initiates a key refresh request, completes two-way authentication through KYC and establishes a secure channel;
S2:客户端与密钥服务器通过安全信道发起MPC计算:生成私钥SK,并通过secret sharing算法生成SK1~SKn+1,使用SK对SK1~SKn+1进行签名,生成签名S1~Sn+1。将签名分别下发给不同的客户端和密钥服务器,例如:下发SK1、S1至客户端1;下发SK2、S2至客户端2;以此类推,下发SKn、Sn至客户端n;SKn+1、Sn+1至密钥服务器。因为整个过程是完整的MPC计算,因此,私钥SK实际上并没有真正生成过(不管 是计算过程中,还是使用过程中);S2: The client and the key server initiate MPC calculations through a secure channel: generate a private key SK, and generate SK1~SKn+1 through the secret sharing algorithm, use SK to sign SK1~SKn+1, and generate signatures S1~Sn+1 . Send the signatures to different clients and key servers, for example: send SK1 and S1 to client 1; send SK2 and S2 to client 2; and so on, send SKn and Sn to client n ; SKn+1, Sn+1 to the key server. Because the entire process is a complete MPC calculation, the private key SK has not actually been generated (whether in the calculation process or in use);
S3:各个客户端和密钥服务器通过之前存储的公钥PK验证签名的有效性,若有效,则更新并保存密钥分量。S3: Each client and the key server verify the validity of the signature through the previously stored public key PK, and if it is valid, update and save the key component.
本申请上述实施例所提供的方法实施例可以在移动终端、计算机终端或者类似的运算装置中执行。以运行在电子设备上为例,图12是本发明实施例的一种客户端各自生成密钥分量的密钥管理方法的电子设备的硬件结构框图。如图12所示,电子设备10可以包括一个或多个(图中仅示出一个)处理器102(处理器102可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器104、以及用于通信功能的传输模块106。本领域普通技术人员可以理解,图12所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,电子设备10还可包括比图12中所示更多或者更少的组件,或者具有与图12所示不同的配置。The method embodiments provided in the foregoing embodiments of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking the operation on an electronic device as an example, FIG. 12 is a hardware structural block diagram of an electronic device of a key management method for each client to generate a key component in an embodiment of the present invention. As shown in FIG. 12, the electronic device 10 may include one or more (only one is shown in the figure) processor 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) , A memory 104 for storing data, and a transmission module 106 for communication functions. A person of ordinary skill in the art can understand that the structure shown in FIG. 12 is only for illustration, and does not limit the structure of the above electronic device. For example, the electronic device 10 may also include more or fewer components than those shown in FIG. 12, or have a different configuration from that shown in FIG.
存储器104可用于存储应用软件的软件程序以及模块,如本发明实施例中的客户端各自生成密钥分量的密钥管理方法对应的程序指令/模块,处理器102通过运行存储在存储器104内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的应用程序的客户端各自生成密钥分量的密钥管理方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器102远程设置的存储器,这些远程存储器可以通过网络连接至计算机终端10。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 104 can be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the key management method for generating key components of the client in the embodiment of the present invention. The processor 102 runs the program stored in the memory 104 Software programs and modules to execute various functional applications and data processing, that is, to implement the key management method of each client generating the key components of the above-mentioned application. The memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include a memory remotely provided with respect to the processor 102, and these remote memories may be connected to the computer terminal 10 via a network. Examples of the aforementioned networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
传输模块106用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机终端10的通信供应商提供的无线网络。在一个实例中,传输模块106包括一个网络适配器(Network Interface Controller,NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输模块106可以为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。The transmission module 106 is used to receive or send data via a network. The above-mentioned specific examples of the network may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission module 106 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In an example, the transmission module 106 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
本申请的实施例还提供能够实现上述实施例中的客户端各自生成密钥分量的密钥管理方法中全部步骤的一种电子设备的具体实施方式,所述电子设备具体包括如下内容:处理器(processor)、存储器(memory)、通信接口(Communications Interface)和总线;其中,所述处理器、存储器、通信接口通过所述总线完成相互间的通信;所述处理器用于调用所述存储器中的计算机程序,所述处理器执行所述计算机程序时实现上述实施例中的客 户端各自生成密钥分量的密钥管理方法中的全部步骤,例如,所述处理器执行所述计算机程序时实现下述步骤:The embodiment of the present application also provides a specific implementation manner of an electronic device that can implement all the steps in the key management method for each client generating a key component in the foregoing embodiment, and the electronic device specifically includes the following content: a processor (processor), memory (memory), communication interface (Communications Interface), and bus; wherein the processor, memory, and communication interface communicate with each other through the bus; the processor is used to call the A computer program, when the processor executes the computer program, all the steps in the key management method for each client generating a key component in the above embodiments are implemented. For example, when the processor executes the computer program, the following The steps described:
步骤1:N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;Step 1: N clients and the key server complete the mutual authentication through the identity confirmation procedure, and issue authentication materials;
步骤2:所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;Step 2: The N clients and the key server establish a secure channel according to the authentication material;
步骤3:所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Step 3: The N clients each generate their own key components to obtain N key components;
步骤4:所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。Step 4: The N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and the key server.
从上述描述可知,本申请实施例提供的客户端各自生成密钥分量的密钥管理方法和电子设备,密钥管理系统中的各个客户端在本地生成自身的密钥分量,最终基于密钥分量生成目标公钥,以实现密钥的生成。通过上述方式解决了现有的密钥管理中所存在的安全性和灵活性低的问题,达到了有效提升密钥安全性和灵活性的技术效果。It can be seen from the above description that the key management method and electronic device for each client to generate a key component provided by the embodiments of the present application, each client in the key management system generates its own key component locally, which is finally based on the key component Generate the target public key to achieve key generation. Through the above method, the problem of low security and low flexibility in the existing key management is solved, and the technical effect of effectively improving the security and flexibility of the key is achieved.
本申请的实施例还提供能够实现上述实施例中的客户端各自生成密钥分量的密钥管理方法中全部步骤的一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述实施例中的客户端各自生成密钥分量的密钥管理方法的全部步骤,例如,所述处理器执行所述计算机程序时实现下述步骤:The embodiment of the present application also provides a computer-readable storage medium capable of implementing all the steps in the key management method for each client generating a key component in the above-mentioned embodiment, and the computer-readable storage medium stores a computer program When the computer program is executed by the processor, all the steps of the key management method for the client to generate key components in the above embodiments are implemented. For example, when the processor executes the computer program, the following steps are implemented:
步骤1:N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;Step 1: N clients and the key server complete the mutual authentication through the identity confirmation procedure, and issue authentication materials;
步骤2:所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;Step 2: The N clients and the key server establish a secure channel according to the authentication material;
步骤3:所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Step 3: The N clients each generate their own key components to obtain N key components;
步骤4:所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。Step 4: The N clients and the key server calculate the target public key according to the N key components, and return the target public key to the N clients and the key server.
从上述描述可知,本申请实施例提供的客户端各自生成密钥分量的密钥管理方法和电子设备,密钥管理系统中的各个客户端在本地生成自身的密钥分量,最终基于密钥分量生成目标公钥,以实现密钥的生成。通过上述方式解决了现有的密钥管理中所存在的安全性和灵活性低的问题,达到了有效提升密钥安全性和灵活性的技术效果。It can be seen from the above description that the key management method and electronic device for each client to generate a key component provided by the embodiments of the present application, each client in the key management system generates its own key component locally, which is finally based on the key component Generate the target public key to achieve key generation. Through the above method, the problem of low security and low flexibility in the existing key management is solved, and the technical effect of effectively improving the security and flexibility of the key is achieved.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于硬件+程序类实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the hardware+program embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown to achieve the desired result. In certain embodiments, multitasking and parallel processing are also possible or may be advantageous.
虽然本申请提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的劳动可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或客户端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境)。Although this application provides method operation steps as described in the embodiments or flowcharts, conventional or uninvented labor may include more or fewer operation steps. The sequence of steps listed in the embodiment is only one way of the execution sequence of the steps, and does not represent the only execution sequence. When an actual device or a client product is executed, it can be executed sequentially or in parallel according to the methods shown in the embodiments or drawings (for example, a parallel processor or a multi-threaded environment).
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet. Computers, wearable devices, or any combination of these devices.
虽然本说明书实施例提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的手段可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或终端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至为分布式数据处理环境)。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、产品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、产品或者设备所固有的要素。在没有更多限制的情况下,并不排除在包括所述要素的过程、方法、产品或者设备中还存在另外的相同或等同要素。Although the embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, conventional or non-inventive means may include more or fewer operation steps. The sequence of steps listed in the embodiment is only one way of the execution sequence of the steps, and does not represent the only execution sequence. When an actual device or terminal product is executed, it can be executed sequentially or in parallel according to the methods shown in the embodiments or drawings (for example, a parallel processor or multi-threaded processing environment, or even a distributed data processing environment). The terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product, or device that includes a series of elements includes not only those elements, but also other elements that are not explicitly listed. Elements, or also include elements inherent to such processes, methods, products, or equipment. If there are no more restrictions, it does not exclude that there are other identical or equivalent elements in the process, method, product, or device including the elements.
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书实施例时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接 可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing the embodiments of this specification, the function of each module can be implemented in the same one or more software and/or hardware, or a module that implements the same function can be implemented by a combination of multiple sub-modules or sub-units. The device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内部包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。Those skilled in the art also know that in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in the controller for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。 计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
本领域技术人员应明白,本说明书的实施例可提供为方法、系统或计算机程序产品。因此,本说明书实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of this specification can be provided as methods, systems or computer program products. Therefore, the embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本说明书实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。The embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. The embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书实施例的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment. In the description of this specification, descriptions with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" etc. mean specific features described in conjunction with the embodiment or example , Structure, materials or features are included in at least one embodiment or example of the embodiments of this specification. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples and the characteristics of the different embodiments or examples described in this specification without contradicting each other.
以上所述仅为本说明书实施例的实施例而已,并不用于限制本说明书实施例。对于本领域技术人员来说,本说明书实施例可以有各种更改和变化。凡在本说明书实施例的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本说明书实施例的权 利要求范围之内。The above descriptions are only examples of the embodiments of this specification, and are not used to limit the embodiments of this specification. For those skilled in the art, various modifications and changes are possible in the embodiments of this specification. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of this specification should be included in the scope of the claims of the embodiments of this specification.

Claims (11)

  1. 一种客户端各自生成密钥分量的密钥管理方法,应用于密钥管理系统中,其中,所述密钥管理系统包括:N个客户端和一个密钥服务器,其特征在于,所述方法包括:A key management method for each client to generate a key component is applied in a key management system, wherein the key management system includes: N clients and a key server, characterized in that the method include:
    所述N个客户端与所述密钥服务器通过确认身份程序完成双向认证,并下发认证材料;The N clients and the key server complete mutual authentication through an identity confirmation procedure, and issue authentication materials;
    所述N个客户端与所述密钥服务器根据所述认证材料建立安全通道;The N clients and the key server establish a secure channel according to the authentication material;
    所述N个客户端各自生成自身对应的密钥分量,得到N份密钥分量;Each of the N clients generates their own corresponding key components to obtain N key components;
    所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The N clients and the key server calculate a target public key according to the N key components, and return the target public key to the N clients and the key server.
  2. 根据权利要求1所述的方法,其特征在于,所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器,包括:The method according to claim 1, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the The N clients and the key server include:
    所述N个客户端根据各自生成的密钥分量,计算出公钥分量,得到N份公钥分量;The N clients calculate the public key components according to the key components generated by them, and obtain N public key components;
    从所述N个客户端中选择一个客户端作为第一客户端,其中,所述第一客户端为MPC计算方,所述第一客户端生成的公钥分量作为加密分量;Selecting a client from the N clients as the first client, where the first client is an MPC computing party, and the public key component generated by the first client is used as an encryption component;
    所述N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量和公钥分量进行加密,得到N-1份密钥密文和N-1份公钥密文;A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair The first key subcomponent and the public key component are encrypted to obtain N-1 key ciphertexts and N-1 public key ciphertexts;
    将所述N-1份密钥密文和N-1份公钥密文发送给所述密钥服务器;Sending the N-1 key ciphertext and N-1 public key ciphertext to the key server;
    所述密钥服务器通过安全信道将所述N-1份密钥密文、N-1份第一密钥子分量明文和N-1份公钥密文发送给所述第一客户端;Sending, by the key server, the N-1 key ciphertext, N-1 first key subcomponent plaintext, and N-1 public key ciphertext to the first client through a secure channel;
    所述第一客户端对所述N-1份密钥密文和N-1份公钥密文进行解密,得到N-1份密钥子分量和N-1份公钥分量,并使用所述加密分量对所述N-1份公钥分量进行签名,得到N-1份签名分量;The first client decrypts the N-1 key ciphertext and N-1 public key ciphertext to obtain N-1 key subcomponents and N-1 public key components, and use all The encrypted component signs the N-1 public key components to obtain N-1 signature components;
    所述第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器。The first client and the key server initiate an MPC calculation through the secure channel to obtain a target public key, and return the target public key to the N clients and the key server.
  3. 根据权利要求2所述的方法,其特征在于,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 2, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    所述第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据;The first client initiates a signature request, wherein the signature request carries data to be signed;
    所述N个客户端中除所述第一客户端之外的客户端将自身生成的密钥分量拆分为第一密钥子分量和第二密钥子分量,并通过所述加密分量对第一密钥子分量进行加密,得到N-1份密钥密文;A client other than the first client among the N clients splits the key component generated by itself into a first key sub-component and a second key sub-component, and uses the encrypted component pair The first key subcomponent is encrypted to obtain N-1 key ciphertexts;
    所述N个客户端中除所述第一客户端之外的客户端将所述N-1份密钥密文和N-1份第二密钥子分量明文发送给所述密钥服务器;Clients other than the first client among the N clients send the N-1 key ciphertext and N-1 second key subcomponent plaintext to the key server;
    所述密钥服务器通过安全信道将所述N-1份密钥密文发送给所述第一客户端;Sending, by the key server, the N-1 key ciphertext to the first client through a secure channel;
    所述第一客户端对所述N-1份密钥密文进行解密,得到N-1份密钥子分量;The first client decrypts the N-1 key ciphertext to obtain N-1 key subcomponents;
    所述第一客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并将签名结果返回所述N个客户端和所述密钥服务器。The first client and the key server initiate an MPC calculation through the secure channel, sign the data to be signed, and return the signature result to the N clients and the key server.
  4. 根据权利要求2所述的方法,其特征在于,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 2, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    所述N个客户端中的各客户端通过备份方式获取备份密钥;Each of the N clients obtains a backup key through a backup method;
    计算所述备份密钥的哈希值,并将所述哈希值发送至所述密钥服务器;Calculating the hash value of the backup key, and sending the hash value to the key server;
    所述密钥服务器验证所述哈希值的正确性,在验证通过的情况下,返回所述目标公钥。The key server verifies the correctness of the hash value, and returns the target public key if the verification is passed.
  5. 根据权利要求1所述的方法,其特征在于,所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器,包括:The method according to claim 1, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to the The N clients and the key server include:
    所述密钥服务器生成服务密钥分量;The key server generates a service key component;
    所述N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,计算得到目标公钥。The N clients and the key server initiate an MPC calculation through the secure channel, and the target public key is obtained by calculation.
  6. 根据权利要求5所述的方法,其特征在于,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 5, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    第一客户端发起签名请求,其中,所述签名请求中携带有待签名数据,所述第一客户端为所述N个客户端中的一个客户端;The first client initiates a signature request, where the signature request carries data to be signed, and the first client is one of the N clients;
    所述N个客户端与所述密钥服务器通过所述安全信道,发起MPC计算,对所述待签名数据进行签名,并通过所述目标公钥验证签名结果的正确性。The N clients and the key server initiate MPC calculations through the secure channel, sign the data to be signed, and verify the correctness of the signature result through the target public key.
  7. 根据权利要求5所述的方法,其特征在于,在所述N个客户端和所述密钥服务 器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 5, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    所述N个客户端和所述密钥服务器,通过所述安全信道,发起MPC计算得到N+1份备份密钥分量,并对所述N+1份备份密钥分量进行签名,得到N+1份备份签名分量;The N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 backup key components, and sign the N+1 backup key components to obtain N+ 1 backup signature component;
    将所述N+1份备份密钥分量和N份备份签名分量,一一对应地下发至所述N个客户端中的各个客户端和密钥服务器;Sending the N+1 backup key components and N backup signature components in a one-to-one correspondence to each of the N clients and the key server;
    所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的备份签名分量的有效性,在验证通过的情况下,保存接收到的备份密钥分量。The N clients and the key server verify the validity of the received backup signature component through the target public key, and if the verification is passed, save the received backup key component.
  8. 根据权利要求5所述的方法,其特征在于,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 5, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    接收恢复请求方的恢复请求,其中,所述恢复请求方为所述N个客户端中的一个设备,所述恢复请求中携带有所述恢复请求方自身的密钥分量和所述目标公钥;Receive a restoration request from a restoration requester, where the restoration requester is one of the N clients, and the restoration request carries the key component of the restoration requester and the target public key ;
    所述N个客户端中除所述恢复请求方之外的客户端通过备份方式获取自身备份的密钥分量;Clients other than the restore requester among the N clients obtain their own backup key components through a backup method;
    所述N个客户端和所述密钥服务器通过所述安全信道,发起MPC计算生成验证公钥,并确定所述验证公钥与所述目标公钥是否相同,在确定相同的情况下,进行MPC计算得到N+1份恢复密钥分量,并对所述N+1份恢复密钥分量进行签名,得到N+1份恢复签名分量;The N clients and the key server initiate an MPC calculation to generate a verification public key through the secure channel, and determine whether the verification public key is the same as the target public key, and if it is determined to be the same, proceed MPC calculates to obtain N+1 restoration key components, and signs the N+1 restoration key components to obtain N+1 restoration signature components;
    将所述N+1份恢复密钥分量和所述N+1份恢复签名分量,一一对应地发送至所述N个客户端和所述密钥服务器;Sending the N+1 restoration key components and the N+1 restoration signature components to the N clients and the key server in a one-to-one correspondence;
    所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的恢复签名分量的有效性,在验证通过的情况下,更新并保存接收到的恢复密钥分量。The N clients and the key server verify the validity of the received restoration signature component through the target public key, and if the verification is passed, update and save the received restoration key component.
  9. 根据权利要求5所述的方法,其特征在于,在所述N个客户端和所述密钥服务器根据所述N份密钥分量,计算得到目标公钥,并将所述目标公钥返回至所述N个客户端和所述密钥服务器之后,还包括:The method according to claim 5, wherein the N clients and the key server calculate the target public key according to the N key components, and return the target public key to After the N clients and the key server, it further includes:
    所述N个客户端和所述密钥服务器,通过所述安全信道,发起MPC计算得到N+1份刷新密钥分量,并对所述N+1份刷新密钥分量进行签名,得到N+1份刷新签名分量;The N clients and the key server initiate an MPC calculation through the secure channel to obtain N+1 refresh key components, and sign the N+1 refresh key components to obtain N+ 1 refresh signature component;
    将所述N+1份刷新密钥分量和N份刷新签名分量,一一对应地下发至所述N个客户端中的各个客户端和密钥服务器;Sending the N+1 refresh key components and N refresh signature components in a one-to-one correspondence to each of the N clients and the key server;
    所述N个客户端和所述密钥服务器通过所述目标公钥验证接收到的刷新签名分量的有效性,在验证通过的情况下,保存接收到的刷新密钥分量。The N clients and the key server verify the validity of the received refresh signature component through the target public key, and if the verification passes, save the received refresh key component.
  10. 一种电子设备,包括处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现权利要求1至9中任一项所述方法的步骤。An electronic device comprising a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the method according to any one of claims 1 to 9 when the processor executes the instructions.
  11. 一种计算机可读存储介质,其上存储有计算机指令,所述指令被执行时实现权利要求1至9中任一项所述方法的步骤。A computer-readable storage medium having computer instructions stored thereon, which implement the steps of the method in any one of claims 1 to 9 when the instructions are executed.
PCT/CN2019/076587 2019-02-28 2019-02-28 Key management method in which clients separately generate key components, and electronic device WO2020172889A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/076587 WO2020172889A1 (en) 2019-02-28 2019-02-28 Key management method in which clients separately generate key components, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/076587 WO2020172889A1 (en) 2019-02-28 2019-02-28 Key management method in which clients separately generate key components, and electronic device

Publications (1)

Publication Number Publication Date
WO2020172889A1 true WO2020172889A1 (en) 2020-09-03

Family

ID=72238750

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/076587 WO2020172889A1 (en) 2019-02-28 2019-02-28 Key management method in which clients separately generate key components, and electronic device

Country Status (1)

Country Link
WO (1) WO2020172889A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105468986A (en) * 2015-12-02 2016-04-06 深圳大学 Confidential information retrieval method and system
CN105794145A (en) * 2013-11-27 2016-07-20 微软技术许可有限责任公司 Server-aided private set intersection (PSI) with data transfer
CN106961336A (en) * 2017-04-18 2017-07-18 北京百旺信安科技有限公司 A kind of key components trustship method and system based on SM2 algorithms
WO2019027787A1 (en) * 2017-08-03 2019-02-07 Hrl Laboratories, Llc Privacy-preserving multi-client and cloud computation with application to secure navigation
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105794145A (en) * 2013-11-27 2016-07-20 微软技术许可有限责任公司 Server-aided private set intersection (PSI) with data transfer
CN105468986A (en) * 2015-12-02 2016-04-06 深圳大学 Confidential information retrieval method and system
CN106961336A (en) * 2017-04-18 2017-07-18 北京百旺信安科技有限公司 A kind of key components trustship method and system based on SM2 algorithms
WO2019027787A1 (en) * 2017-08-03 2019-02-07 Hrl Laboratories, Llc Privacy-preserving multi-client and cloud computation with application to secure navigation
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm

Similar Documents

Publication Publication Date Title
CN109714165B (en) Key management method for client to generate key components respectively and electronic equipment
Abbasinezhad-Mood et al. An anonymous ECC-based self-certified key distribution scheme for the smart grid
Mahmood et al. Pairing based anonymous and secure key agreement protocol for smart grid edge computing infrastructure
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
Zhang et al. Secure smart health with privacy-aware aggregate authentication and access control in Internet of Things
Khan et al. LAKAF: Lightweight authentication and key agreement framework for smart grid network
US10178090B2 (en) System and methods for protecting keys using garbled circuits
US11223486B2 (en) Digital signature method, device, and system
CN110138567A (en) A kind of collaboration endorsement method based on ECDSA
He et al. Analysis of handover authentication protocols for mobile wireless networks using identity-based public key cryptography
CN110635912B (en) Data processing method and device
CN109818754B (en) Method and equipment for generating keys for multiple clients and single server by client
CN105049434A (en) Identity authentication method and encryption communication method under peer-to-peer network environment
CN109787762B (en) Key management method for server to generate key components respectively and electronic equipment
Nam et al. Password-only authenticated three-party key exchange with provable security in the standard model
CN109818753B (en) Method and equipment for generating key for multiple clients and multiple servers by one client
CN109981591B (en) Key management method for generating private key by single client and electronic equipment
Zhong et al. Authentication and key agreement based on anonymous identity for peer-to-peer cloud
CN117353912A (en) Three-party privacy set intersection base number calculation method and system based on bilinear mapping
CN108964906B (en) Digital signature method for cooperation with ECC
Li et al. Two-party attribute-based key agreement protocol with constant-size ciphertext and key
WO2020172889A1 (en) Key management method in which clients separately generate key components, and electronic device
CN111460463A (en) Electronic deposit certificate storage and notarization method, device, equipment and storage medium
WO2020172890A1 (en) Method and device for client to generate key for multiple clients and single server
WO2020172882A1 (en) Method and device for selecting client to generate key for multiple clients and multiple servers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19916713

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19916713

Country of ref document: EP

Kind code of ref document: A1