CN103916237B - Method and system for managing user encrypted-key retrieval - Google Patents

Publication number
CN103916237B
Authority
CN
China
Prior art keywords
user
key
recovery
application
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210591471.5A
Other languages
Chinese (zh)
Other versions
CN103916237A (en)
Inventor
林文辉
耿方
郭向国
杜悦琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides a method and system for managing user encrypted-key retrieval. The method includes: a certificate authority receives a user certificate key retrieval request sent by a certificate registration center, adds retrieval application reason information to an extension of the user certificate, and sends a key retrieval service request, which includes the extension of the user certificate, to a key management center; the key management center parses the key retrieval request information, obtains the user information and the retrieval application reason, retrieves the user's encrypted-key pair according to the user information, stores the retrieval application reason in association with the encrypted-key pair, and then returns the encrypted-key pair to the certificate authority. By introducing the user key retrieval information into the extension of the user certificate, the method and system enable the key management center to obtain more complete key retrieval application information, so that the key management center can manage and identify user encrypted-key retrieval effectively.

Description

Method and system for managing user encryption key recovery
Technical field
The present invention relates to the technical field of key management, and in particular to a method and system for managing user encryption key recovery.
Background
Digital certificates based on PKI (Public Key Infrastructure) technology are used ever more widely in applications such as e-commerce, e-government and online banking, and the number of users is growing sharply. PKI is a system that uses public-key cryptography and digital certificates to secure system information and that is responsible for verifying the identity of digital certificate holders. A complete PKI system consists of a certificate authority, a key management center, a registration authority, a directory service, security-authentication application software, certificate application services and similar components.
The CA (Certificate Authority), as the trusted third party in e-commerce transactions, specifically addresses the legitimacy of public keys in a public-key system. The CA provides a digital certificate to each user of a public key; the purpose of the digital certificate is to attest that the user name listed in the certificate corresponds to the public key listed in the certificate. The CA's digital signature prevents an attacker from forging or tampering with the certificate.
The KM (Key Management) system provides the CA system with key services such as key generation, storage, backup, update, recovery and query. In addition to general key management services for encryption keys, the KM system can also provide forensic services to judicial personnel, and can solve the key management problems raised by large-scale cryptographic applications in a distributed system environment. It should support the SM2 algorithm and the RSA algorithm, key pairs are stored in accordance with national standards, and its interface to the CA system fully complies with the national standards, so that it meets the security, functional and performance requirements expected of a high-standard key management center (KMC).
Key management is the most critical security problem in a PKI system. After the CA system issues a user's dual certificates, for the signing certificate the private key is kept by the user and the public-key certificate is published. If the user's private key leaks, an attacker can use it to forge the user's signature and can also decrypt information encrypted to the user, so ensuring the security of the user's private key is the core of key management. For the encryption certificate, the public/private key pair is generated and managed by the KM, and distribution of the private key is likewise a core key management problem. If the user damages the USB key, the user must submit a key recovery application and obtain the encryption certificate again before ciphertext encrypted under the previous encryption certificate can be decrypted for day-to-day use.
Key management is central to the security of a PKI system. The public key of a signing certificate is published in the public-key certificate, whose integrity is guaranteed by the signature of the certificate authority (CA). The private key is kept secret by the user; once it leaks, an attacker may be able to decrypt information encrypted for the private-key holder or forge the key holder's signature. The key issue in key management is therefore to ensure the security of the private key. At present, the security of the private key is protected mainly by the physical characteristics of hardware devices: the user's private key is generated by the hardware device, is stored only in the storage medium and cannot be exported. The private key can be accessed only with the password the user has set, which ensures that nobody other than the user can use the private key.
When an encryption certificate is in use and the user loses or damages the device, the user can stop use of the key pair in time, for example by reporting the loss. The user's existing encrypted files, however, can then no longer be decrypted and read. PKI management systems therefore provide recovery management for encryption key pairs, which can also support judicial forensics.
In existing key recovery mechanisms, generation and recovery of encryption keys are performed by the key management center. Except for judicial forensics, where recovery is performed at the KM side, recovery is applied for by the user at the RA (Registration Authority, the certificate registration center). When a user needs to recover a key, the user first applies at an RA acceptance point; only after an administrator has approved the application does the RA send it to the CA. The CA calls the key recovery interface of the key management center to send the request, the key management center returns the user's encryption key to the CA in a digital envelope, and the CA uses this key to issue a user certificate and returns it to the RA; finally the certificate is downloaded to the user's certificate storage medium. In the whole process only the RA administrator reviews the application, and the remaining steps are completed automatically by the system. Neither the CA nor the key management center controls or restricts recovery, so the process lacks sound management, is ill suited to a KM system serving multiple CAs, and cannot record or manage a user's key recovery events.
Summary of the invention
Embodiments of the present invention provide a method and system for managing user encryption key recovery, so that user encryption key recovery can be effectively managed and identified.
A method for managing user encryption key recovery, comprising:
a certificate authority receives a user certificate key recovery request sent by a registration authority, adds recovery application reason information to an extension of the user certificate, and sends to a key management center a key recovery service request containing the extension of the user certificate;
the key management center parses the key recovery request information, obtains the user information and the recovery application reason, recovers the user's encryption key pair according to the user information, stores the recovery application reason in association with the encryption key pair, and returns the encryption key pair to the certificate authority.
A system for managing user encryption key recovery, comprising:
a certificate authority, configured to receive a user certificate key recovery request sent by a registration authority, add recovery application reason information to an extension of the user certificate, and send to a key management center a key recovery service request containing the extension of the user certificate;
a key management center, configured to parse the key recovery request sent by the certificate authority, obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the certificate authority.
As can be seen from the technical solution provided by the above embodiments, the CA introduces the user key recovery information (including the user recovery time, the recovery application reason and the recovery count) into an extension of the user certificate, so that the key management center obtains more complete key recovery application information. The key management center can thus effectively manage and identify user encryption key recovery and can trace key recovery events from the user certificate information, which ensures the security and efficient manageability of the user key recovery flow.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for managing user encryption key recovery provided by Embodiment one of the present invention;
Fig. 2 is a schematic structural diagram of a system for managing user encryption key recovery provided by Embodiment two of the present invention.
Detailed description
To aid understanding of the embodiments of the present invention, several specific embodiments are further explained below with reference to the accompanying drawings; the embodiments do not limit the embodiments of the present invention.
Embodiment one
The processing flow of the method for managing user encryption key recovery provided by this embodiment is shown in Fig. 1 and includes the following steps:
Step 1: The user's terminal submits a key recovery application to an RA acceptance point. The application contains a key recovery application form and user-related information; the form contains the user recovery time, the recovery application reason and the recovery count.
Step 2: The administrator at the RA acceptance point carries out a preliminary review of the key recovery application. The preliminary review mainly verifies the user's personal identity information, including the user name and user certificate, and verifies that the user whose key is to be recovered is that user.
Step 3: If the key recovery application from the user terminal meets the conditions and passes the preliminary review, the RA acceptance point sends it to the RA center; if it fails the preliminary review, it is rejected.
Step 4: The RA center audits the key recovery application from the user terminal. The audit mainly checks whether the user is a legitimate user and whether the RA acceptance point is authorized to submit this user's key recovery application, that is, whether the user is managed by that RA acceptance point.
Step 5: If the key recovery application from the user terminal meets the conditions and passes the audit, the administrator of the RA center sends the user's certificate key recovery request to the CA according to the key recovery application form and user-related information; if it fails the audit, it is rejected.
Step 6: After receiving the user's certificate key recovery request, the CA stores the information relating to the application, including the key recovery application form and user-related information.
Step 7: The CA assembles a key recovery service request from the stored information relating to the user's certificate key recovery application, and extends the user's digital certificate.
Extensions of a digital certificate are mainly used to write data that the certificate needs in practical applications. They are highly flexible: in practice, the particular service that uses the digital certificate can register extensions with the CA issuing body as needed. Each extension has three fields: type, criticality (whether the extension may be omitted) and value. The type field defines the data type of the extension value field, which can be a simple character string, a number, a date, a picture or a complex data type. The criticality field is a one-bit flag. When an extension is marked as not omissible, the corresponding extension value is very important and applications must not ignore it; an application that uses the digital certificate but cannot process the content of this field should reject the certificate. The extension value field contains the actual data of the extension, which is read and used by applications that use the digital certificate.
The key recovery service request includes the protocol version, a service request identifier, the CA identifier, the digital certificate extension and the signature of the request information. The user key recovery information is added to the digital certificate extension; it includes the user recovery time requestTime, the recovery application reason requestReason, the recovery count requestList and similar information.
The format of the digital certificate extension is as follows:
ReqProofValue = Sign{reqType || requestList || requestTime || requestReason};
Step 8: The CA sends the key recovery service request to the KMC.
Step 9: The KMC receives the key recovery service request sent by the CA and checks its legitimacy.
Step 10: If the check finds the key recovery service request illegitimate, the KMC rejects it; if the check finds it legitimate, the KMC proceeds to the next step.
Step 11: The KMC then parses the key recovery service request and obtains the user information together with the user recovery time, the recovery application reason, the recovery count and similar information. Using the user information obtained by parsing, the key recovery module recovers the user's encryption key pair, comprising a private key and a public key. The private key is wrapped in a digital envelope and returned to the CA, and information such as the user's public key is returned to the CA center at the same time.
The KMC stores the user key recovery information (including the user recovery time, the recovery application reason and the recovery count) in the database in association with the user key pair, providing services for subsequent administrator queries, audits, judicial forensics and similar business.
Step 12: The CA opens the digital envelope returned by the KMC and obtains the private key and public key information of the user's encryption key pair returned by the KMC. It assembles and issues the user certificate from this private key and public key information and adds the record of this key recovery to an extension of the user certificate, including the user recovery time, the recovery application reason and the recovery count.
At the same time, the CA associates the issued user certificate information with the previously stored information relating to the user's certificate key recovery application and stores it in the database, providing services for log auditing, certificate management, judicial forensics and similar business.
Step 13: The CA wraps the issued user certificate information in a digital envelope and sends it to the RA center over an SSL (Secure Sockets Layer) encrypted channel.
Step 14: The RA center opens the digital envelope to recover the user certificate and downloads the recovered user certificate information to the user's key storage medium, completing one user key recovery flow.
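The following Python sketch is an illustration added here, not part of the patent text or of any implementation by the applicant; it walks through steps 7 and 9 to 11: the CA places the recovery information and ReqProofValue in an extension, and the KMC checks the request, refuses an unprocessable critical extension, and stores the recovery information with the recovered key pair. HMAC-SHA256 with a constructed key stands in for the CA's SM2/RSA signature, and the length-prefixed field encoding, the extension type name, the request field names other than reqType, requestList, requestTime, requestReason and ReqProofValue, and the escrow handle are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the CA's SM2/RSA signature.
CA_KEYS = {"CA-DEMO-01": b"constructed-demo-key-not-a-real-secret"}
RECOVERY_EXT = "keyRecoveryInfo"  # hypothetical extension type name
PROOF_FIELDS = ("reqType", "requestList", "requestTime", "requestReason")


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def same(a, b):
    # Constant-time comparison that tolerates non-string input.
    return hmac.compare_digest(str(a).encode("utf-8"), str(b).encode("utf-8"))


def proof_value(key, info):
    """ReqProofValue = Sign{reqType || requestList || requestTime || requestReason}.

    Assumption: each field is length-prefixed so that field boundaries are
    unambiguous ("ab" || "c" must not sign the same bytes as "a" || "bc").
    """
    data = b""
    for name in PROOF_FIELDS:
        raw = str(info[name]).encode("utf-8")
        data += len(raw).to_bytes(4, "big") + raw
    return mac(key, data)


def request_signature(key, req):
    """Signature of the request information: every field except the signature."""
    body = {k: v for k, v in req.items() if k != "signature"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return mac(key, canonical.encode("utf-8"))


def build_recovery_request(ca_id, request_id, user_id, info):
    """CA side (step 7): carry the recovery information in a certificate extension."""
    key = CA_KEYS[ca_id]
    value = {name: info[name] for name in PROOF_FIELDS}
    value["ReqProofValue"] = proof_value(key, value)
    req = {"protocol_version": 1, "service_request_id": request_id,
           "ca_id": ca_id, "user_id": user_id,
           "extensions": [{"type": RECOVERY_EXT, "critical": True, "value": value}]}
    req["signature"] = request_signature(key, req)
    return req


def reject(why):
    return {"status": "rejected", "why": why}


class KeyManagementCenter:
    def __init__(self, escrow):
        self.escrow = escrow    # user_id -> opaque handle of the escrowed key pair
        self.recovery_log = []  # recovery information stored with the key pair

    def handle(self, req):
        """KMC side (steps 9 to 11): check legitimacy, parse, recover, record."""
        key = CA_KEYS.get(req.get("ca_id"))
        if key is None:
            return reject("unknown CA")
        if not same(request_signature(key, req), req.get("signature", "")):
            return reject("bad request signature")
        info = None
        for ext in req.get("extensions", []):
            if ext.get("type") == RECOVERY_EXT:
                info = ext.get("value", {})
            elif ext.get("critical"):
                # An extension marked critical that we cannot process: refuse.
                return reject("unhandled critical extension")
        if info is None or any(name not in info for name in PROOF_FIELDS):
            return reject("recovery information missing")
        if not same(proof_value(key, info), info.get("ReqProofValue", "")):
            return reject("bad ReqProofValue")
        key_pair = self.escrow.get(req.get("user_id"))
        if key_pair is None:
            return reject("no escrowed key pair for user")
        entry = {name: info[name] for name in PROOF_FIELDS}
        entry.update(user_id=req.get("user_id"), ca_id=req.get("ca_id"),
                     service_request_id=req.get("service_request_id"),
                     key_pair=key_pair)
        self.recovery_log.append(entry)
        # The digital-envelope wrapping of the private key is not modelled here.
        return {"status": "ok", "key_pair": key_pair}


if __name__ == "__main__":
    # Constructed sample data: one escrowed user and one recovery application.
    kmc = KeyManagementCenter({"alice": "escrow-handle-0001"})
    request = build_recovery_request("CA-DEMO-01", "req-0001", "alice", {
        "reqType": "recover", "requestList": 1,
        "requestTime": "2012-12-28T10:00:00Z", "requestReason": "USB key damaged"})
    print(kmc.handle(request))
    print(kmc.recovery_log)
```

Because the recovery log entry is written only after both checks pass, every recovered key pair in the log carries a reason, time and count that the CA vouched for.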
Embodiment two
The structure of the system for managing user encryption key recovery provided by this embodiment is shown in Fig. 2 and includes:
a certificate authority 21, configured to receive a user certificate key recovery request sent by a registration authority, add recovery application reason information to an extension of the user certificate, and send to a key management center a key recovery service request containing the extension of the user certificate;
a key management center 22, configured to parse the key recovery request sent by the certificate authority, obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the certificate authority.
Further, the system may also include:
a registration authority acceptance point 23, configured to receive the key recovery application sent by the user's terminal, the application containing a key recovery application form and user-related information and the form containing the user recovery time, the recovery application reason and the recovery count; to carry out a preliminary review of the key recovery application; and, after it passes the preliminary review, to send the key recovery application to the registration authority;
a registration authority 24, configured to audit the key recovery application sent by the registration authority acceptance point and, after it passes the audit, to send the user's certificate key recovery request to the certificate authority according to the key recovery application form and user-related information.
Specifically, the certificate authority 21 is further configured to store the key recovery application form and user-related information after receiving the certificate key recovery request;
to assemble a key recovery service request from the stored key recovery application form and user-related information, the key recovery service request including the protocol version, a service request identifier, the certificate authority identifier, the digital certificate extension and the signature of the request information, with the user recovery time, the recovery application reason and the recovery count added to the digital certificate extension;
and to send the key recovery service request to the key management center.
Specifically, the key management center 22 is further configured, after receiving the key recovery service request, to check the legitimacy of the key recovery service request and, after the check finds it legitimate, to parse the key recovery service request and obtain the user information together with the user recovery time, the recovery application reason and the recovery count;
to recover the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and to store the user's encryption key pair in association with the user recovery time, the recovery application reason and the recovery count;
and, after wrapping the private key in a digital envelope, to send the private key and the public key to the certificate authority.
Specifically, the certificate authority 21 is further configured to open the digital envelope returned by the key management center, obtain the user's encryption key pair returned by the key management center, assemble and issue the user certificate from this encryption key pair, and add the record of this key recovery to an extension of the user certificate, the record including the user recovery time, the recovery application reason and the recovery count;
to associate the issued user certificate information with the previously stored user recovery time, recovery application reason and recovery count;
and, after wrapping the issued user certificate information in a digital envelope, to send it to the registration authority over a secure encrypted channel.
Specifically, the registration authority 24 is further configured to open the digital envelope returned by the certificate authority, recover the user certificate, and download the recovered user certificate information to the user's key storage medium, completing one user key recovery flow.
The detailed process by which the system of this embodiment manages user encryption key recovery is similar to that of the foregoing method embodiment and is not repeated here.
Those of ordinary skill in the art will understand that the accompanying drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those of ordinary skill in the art will understand that the modules in the devices of an embodiment may be distributed in the devices of the embodiment as described, or may be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments may be combined into one module or further split into multiple sub-modules.
In summary, in the embodiments of the present invention the CA introduces the user key recovery information (including the user recovery time, the recovery application reason and the recovery count) into an extension of the user certificate and extends the communication protocol between the CA and the key management center, so that the key management center obtains more complete key recovery application information, and key recovery log records are added to the database of the key management center. The key management center can thus effectively manage and identify user encryption key recovery and can trace key recovery events from the user certificate information, which ensures the security and efficient manageability of the user key recovery flow and effectively supplements and optimizes the security management of the PKI system. It can also provide services for subsequent log auditing, certificate management, judicial forensics and similar business.
In the embodiments of the present invention, the CA database associates the recovered user certificate with the user key recovery information and stores the related user key recovery log information, so that recovery control and restriction of the user key recovery flow need not all be carried out by the CA, which is conducive to the KM system providing services to multiple CAs.
The above is only a preferred specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of the claims.

Claims (6)

1. A method for managing user encryption key recovery, characterized by comprising:
a certificate authority receives a user certificate key recovery request sent by a registration authority, adds recovery application reason information to an extension of the user certificate, and sends to a key management center a key recovery service request containing the extension of the user certificate;
the key management center parses the key recovery request information, obtains the user information and the recovery application reason, recovers the user's encryption key pair according to the user information, stores the recovery application reason in association with the encryption key pair, and returns the encryption key pair to the certificate authority;
wherein storing the recovery application reason in association with the encryption key pair and returning the encryption key pair to the certificate authority comprises:
after receiving the key recovery service request, the key management center checks the legitimacy of the key recovery service request and, after the check finds it legitimate, parses the key recovery service request and obtains the user information together with the user recovery time, the recovery application reason and the recovery count;
the key management center recovers the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and stores the user's encryption key pair in association with the user recovery time, the recovery application reason and the recovery count;
after wrapping the private key in a digital envelope, the key management center sends the private key and the public key to the certificate authority;
the method further comprising:
the certificate authority opens the digital envelope returned by the key management center, obtains the user's encryption key pair returned by the key management center, assembles and issues the user certificate from this encryption key pair, and adds the record of this key recovery to an extension of the user certificate, the record including the user recovery time, the recovery application reason and the recovery count;
the certificate authority associates the issued user certificate information with the previously stored user recovery time, recovery application reason and recovery count;
after wrapping the issued user certificate information in a digital envelope, the certificate authority sends it to the registration authority over a secure encrypted channel; the registration authority opens the digital envelope returned by the certificate authority, recovers the user certificate, and downloads the recovered user certificate information to the user's key storage medium, completing one user key recovery flow.
2. The method for managing user encryption key recovery according to claim 1, characterized in that, before the certificate authority receives the user certificate key recovery request sent by the registration authority, the method further comprises:
the user's terminal submits a key recovery application to a registration authority acceptance point, the application containing a key recovery application form and user-related information, and the form containing the user recovery time, the recovery application reason and the recovery count;
the registration authority acceptance point carries out a preliminary review of the key recovery application; after it passes the preliminary review, the acceptance point sends the key recovery application to the registration authority, and the registration authority audits the key recovery application;
after it passes the audit, the registration authority sends the user's certificate key recovery request to the certificate authority according to the key recovery application form and user-related information.
3. The method for managing user encryption key recovery according to claim 1, characterized in that the certificate authority adding recovery application reason information to an extension of the user certificate and sending to the key management center a key recovery service request containing the extension of the user certificate comprises:
after receiving the certificate key recovery request, the certificate authority stores the key recovery application form and user-related information;
the certificate authority assembles a key recovery service request from the stored key recovery application form and user-related information, the key recovery service request including the protocol version, a service request identifier, the certificate authority identifier, the digital certificate extension and the signature of the request information, with the user recovery time, the recovery application reason and the recovery count added to the digital certificate extension;
the certificate authority sends the key recovery service request to the key management center.
4. A system for managing user encryption key recovery, characterized in that it includes:
An authentication center, configured to receive the user certificate key recovery request sent by the Registration Authority, add recovery application reason information to the extension option of the user certificate, and send to the key management center (KMC) a key recovery service request containing the extension option of the user certificate;
A KMC, configured to parse the key recovery request sent by the authentication center, obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the authentication center;
The KMC is further configured to, after receiving the key recovery service request, check the legitimacy of the key recovery service request and, after the check determines that the key recovery service request is legitimate, parse the key recovery service request to obtain the user information and the user recovery time, the recovery application reason, and recovery count information;
Recover the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and store the user's encryption key pair in association with the user recovery time, the recovery application reason, and recovery count information;
After performing digital envelope processing on the private key, send the private key and the public key to the authentication center;
The authentication center is further configured to unseal the digital envelope returned by the KMC, obtain the user's encryption key pair returned by the KMC, organize and issue a user certificate according to the encryption key pair, and add the related record information of this key recovery to the extension option of the user certificate, the related record information including: the user recovery time, the recovery application reason, and recovery count information;
Associate the issued user certificate information with the previously stored user recovery time, recovery application reason, and recovery count information;
After performing digital envelope processing on the issued user certificate information, send it to the Registration Authority over a secure encrypted channel;
The Registration Authority is further configured to unseal the digital envelope returned by the authentication center, recover the user certificate, and download the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
5. The system for managing user encryption key recovery according to claim 4, characterized in that the system further includes:
A Registration Authority acceptance point, configured to receive the key recovery application sent by the user's user terminal, the key recovery application containing a key recovery application form and user-related information, and the key recovery application form containing the user recovery time, the recovery application reason, and recovery count information; to perform a preliminary review of the key recovery application; and, after the application passes the preliminary review, to send the key recovery application to the Registration Authority;
The Registration Authority, configured to audit the key recovery application sent by the Registration Authority acceptance point and, after the application passes the audit, to send the user's certificate key recovery request to the authentication center according to the key recovery application form and user-related information.
6. The system for managing user encryption key recovery according to claim 4, characterized in that:
The authentication center is further configured to, after receiving the certificate key recovery request, store the key recovery application form and user-related information;
Organize a key recovery service request according to the stored key recovery application form and user-related information, the key recovery service request including a protocol version, a service request identifier, an authentication center identifier, the extension option of the digital certificate, and a signature of the request information, with the user recovery time, the recovery application reason, and recovery count information added to the extension option of the digital certificate;
Send the key recovery service request to the key management center (KMC).
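The request layout in claims 3 and 6 and the KMC-side check, parse and associate steps in claim 4 can be modelled as follows. This is an added example, not code from the patent: the JSON encoding, every field and class name, the use of HMAC-SHA256 with a shared key in place of the signature of the request information, and the reuse check on the request identifier are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a key shared by the authentication center and
# the KMC stands in for the signature of the request information.
SHARED_KEY = b"constructed-demo-key"
EXT_FIELDS = ("recovery_time", "recovery_reason", "recovery_count")

def _sign(body, key):
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_request(ca_id, request_id, user_id, ext, key=SHARED_KEY):
    """Authentication center: organize and sign the recovery service request."""
    body = {"version": 1, "request_id": request_id, "ca_id": ca_id,
            "user_id": user_id, "cert_extension": dict(ext)}
    return {"body": body, "signature": _sign(body, key)}

class KeyManagementCenter:
    def __init__(self, escrow, key=SHARED_KEY):
        self.escrow = escrow   # user_id -> escrowed encryption key pair
        self.key = key
        self.seen = set()      # request identifiers already served
        self.records = []      # recovery details stored with the key pair

    def handle(self, request):
        """Check legitimacy, parse, recover the key pair, store the record."""
        body = request["body"]
        if not hmac.compare_digest(_sign(body, self.key),
                                   str(request.get("signature", ""))):
            raise ValueError("signature check failed")
        if body["request_id"] in self.seen:   # added check, not in the claims
            raise ValueError("request identifier already used")
        ext = body["cert_extension"]
        missing = [f for f in EXT_FIELDS if f not in ext]
        if missing:
            raise ValueError("extension option lacks: " + ", ".join(missing))
        keypair = self.escrow[body["user_id"]]  # KeyError for unknown users
        self.seen.add(body["request_id"])
        self.records.append({"user_id": body["user_id"],
                             "public_key": keypair["public"],
                             **{f: ext[f] for f in EXT_FIELDS}})
        return keypair

if __name__ == "__main__":
    # Constructed sample data; the key material is a placeholder string.
    kmc = KeyManagementCenter({"user-001": {"public": "PUB", "private": "PRIV"}})
    ext = {"recovery_time": "2012-12-30T09:00:00",
           "recovery_reason": "token lost", "recovery_count": 1}
    kmc.handle(build_request("CA-01", "req-0001", "user-001", ext))
    print(kmc.records)
```

Because the signature covers the extension option, a recovery reason altered in transit fails the legitimacy check before any escrowed key is touched, and each served request leaves a record tying the reason, time and count to the recovered key pair.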
CN201210591471.5A 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval Active CN103916237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210591471.5A CN103916237B (en) 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval

Publications (2)

Publication Number Publication Date
CN103916237A CN103916237A (en) 2014-07-09
CN103916237B true CN103916237B (en) 2017-02-15

Family

ID=51041658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210591471.5A Active CN103916237B (en) 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval

Country Status (1)

Country Link
CN (1) CN103916237B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628873A (en) * 2020-07-28 2020-09-04 四川省数字证书认证管理中心有限公司 Method for storing digital certificate solidified data telegraph text
CN112636927B (en) * 2020-12-28 2022-08-16 郑州信大先进技术研究院 KPI (Key performance indicator) double-certificate-based cloud platform encryption method
CN113541935B (en) * 2021-06-08 2022-06-03 西安电子科技大学 Encryption cloud storage method, system, equipment and terminal supporting key escrow
CN115102788B (en) * 2022-08-10 2023-01-17 北京安盟信息技术股份有限公司 Method for improving performance of digital envelope through key reuse and digital envelope

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1162779A2 (en) * 2000-06-09 2001-12-12 TRW Inc. System and method for third party recovery of encryption certificates in a public key infrastructure
CN101567780A (en) * 2009-03-20 2009-10-28 武汉理工大学 Key management and recovery method for encrypted digital certificate
CN102299927A (en) * 2011-08-31 2011-12-28 四川长虹电器股份有限公司 Content security supervision system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
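"Research and Implementation of PrivacyCA*** in Trusted Computing"; 李超零; China Master's Theses Full-text Database, Information Science and Technology Series; 20120215 (No. 2 (2012)); main text sections 6.3.3.4 and 6.3.4, Table 6.4 *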

Also Published As

Publication number Publication date
CN103916237A (en) 2014-07-09

Similar Documents

Publication Publication Date Title
CN107566117B (en) A kind of block chain key management system and method
CN106779636B (en) Block chain digital currency wallet based on mobile phone earphone interface
US8842833B2 (en) System and method for secure transaction of data between wireless communication device and server
US11880831B2 (en) Encryption system, encryption key wallet and method
US6611913B1 (en) Escrowed key distribution for over-the-air service provisioning in wireless communication networks
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
US9490979B2 (en) System and method for providing credentials
CN107483212A (en) A kind of method of both sides' cooperation generation digital signature
IL300542A (en) Transferring cryptocurrency from a remote limited access wallet
CN101399666A (en) Safety control method and system for digital certificate of file
CN112182609A (en) Block chain-based data uplink storage method and tracing method, device and equipment
JPH1127253A (en) Key recovery system, key recovery device, recording medium for storing key recovery program and key recovery method
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN106685645A (en) Key backup and recovery method and system for secure chip service key
WO2012072001A1 (en) Safe method for card issuing, card issuing device and system
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
CN114900304B (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN109981255A (en) The update method and system of pool of keys
CN102075327A (en) Method, device and system for unlocking electronic key
CN108650080A (en) A kind of key management method and system
CN112766962A (en) Method for receiving and sending certificate, transaction system, storage medium and electronic device
CN107360002A (en) A kind of application method of digital certificate
CN109981287A (en) A kind of code signature method and its storage medium
CN103916237B (en) Method and system for managing user encrypted-key retrieval
CN113824551B (en) Quantum key distribution method applied to secure storage system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant