CN103916237B - Method and system for managing user encrypted-key retrieval - Google Patents
- Publication number: CN103916237B (CN201210591471.5A)
- Authority: CN (China)
- Prior art keywords: user, key, recovery, application, certificate
- Legal status: Active
Abstract
The embodiment of the invention provides a method and system for managing user encryption-key recovery (retrieval). In the method, a certificate authority (CA) receives a user certificate key recovery request sent by a certificate registration center, adds recovery application reason information to an extension of the user certificate, and sends a key recovery service request containing that extension to a key management center (KMC). The KMC parses the key recovery request, obtains the user information and the recovery application reason, recovers the user's encryption key pair according to the user information, stores the recovery application reason in association with the encryption key pair, and returns the encryption key pair to the CA. By introducing the user key recovery information into the extension of the user certificate, the KMC obtains more complete key recovery application information and can therefore manage and identify user encryption-key recovery effectively.
Description
Technical field
The present invention relates to the field of key management technology, and in particular to a method and system for managing user encryption key recovery.
Background art
Digital certificates based on PKI (Public Key Infrastructure) technology are used more and more widely in applications such as e-commerce, e-government and online banking, and the number of users is growing sharply. PKI is a system that uses public-key cryptography and digital certificates to ensure the security of system information and is responsible for verifying the identity of digital certificate holders. A complete PKI system consists of a certification authority, a key management center, a registration authority, a directory service, security authentication application software, certificate application services and other parts.
The CA (Certificate Authority), as the trusted third party in e-commerce transactions, specifically solves the problem of the legitimacy of public keys in the public-key system. The CA issues a digital certificate to every user of a public key; the role of the digital certificate is to confirm that the user name listed in the certificate corresponds to the public key listed in the certificate. The CA's digital signature prevents an attacker from forging or tampering with the digital certificate.
The KM (Key Management) system is responsible for providing the CA system with key services such as key generation, storage, backup, update, recovery and query. Besides the general key management services for encryption keys, the KM system can also provide a judicial forensics service for judicial personnel, and can solve the key management problems brought by large-scale cryptographic applications in a distributed system environment. It should support the SM2 algorithm and the RSA algorithm; key pairs are stored in accordance with national standards, and its interface with the CA system fully complies with the national standards, so that it meets the security, functional and performance requirements expected of a high-standard key management center.
Key management is the most critical security problem in a PKI system. After the CA system issues a user's dual certificates, the private key of the signing certificate is kept by the user, and the public key certificate is published externally. If the user's private key leaks, an attacker can use it to forge the user's signatures and may also decrypt the user's encrypted information, so ensuring the security of the user's private key is the core of key management. For the encryption certificate, the public and private keys are generated and managed by the KM, and the distribution of the private key is also a key problem of key management. If the user damages the USBKEY, the user must submit a key recovery application and obtain the encryption certificate again before ciphertext encrypted with the previous encryption certificate can be decrypted for daily use.
The key to PKI system security is key management. The public key in a signing certificate is published in the public key certificate, and its integrity is guaranteed by the signature of the certificate authority (CA). The private key is kept secret by the user; once it leaks, an attacker may decrypt encrypted information sent to the owner of the private key, or forge the key owner's signature. The central issue of key management is therefore to ensure the security of the private key. At present the absolute security of the private key is protected mainly by the physical characteristics of hardware devices: the user's private key is generated by the hardware device, stored only in the storage medium, and cannot be exported. The user's private key can be accessed only with the password the user has set, which guarantees that nobody other than the user can use the private key information.
When an encryption certificate is in use and the user loses or damages the device, the user can stop use of the key pair promptly, for example by reporting the loss. The user's existing encrypted files, however, can then no longer be decrypted and read. PKI management systems therefore provide recovery management for encryption key pairs, which can also support judicial forensics.
In the existing key recovery mechanism, the generation and recovery of encryption keys are performed by the key management center. Except for judicial forensics, where recovery is done at the KM side, the user applies at the RA (Registration Authority, the certificate registration center) side. When a user needs to recover a key, the user first applies at an RA acceptance point; only after an administrator's review passes does the RA send the application to the CA. The CA calls the key recovery interface of the key management center to send the request, the key management center returns the user's encryption key to the CA in a digital envelope, and the CA returns the key together with the issued user certificate to the RA, from where it is finally downloaded into the storage medium of the user certificate. In the whole process only the RA administrator reviews the application; the remaining steps are completed automatically by the system, and neither the CA nor the key management center controls or restricts the recovery. Sound management is lacking, which makes it difficult for the KM system to serve multiple CAs, and the user's key recovery events cannot be recorded and managed.
Summary of the invention
The embodiments of the present invention provide a method and system for managing user encryption key recovery, so that user encryption key recovery is effectively managed and identified.
A method for managing user encryption key recovery, comprising:
A certificate authority (CA) receives a user certificate key recovery request sent by a registration authority (RA, the certificate registration center); the CA adds recovery application reason information to an extension of the user certificate and sends to a key management center (KMC) a key recovery service request containing the extension of the user certificate;
The KMC parses the key recovery request information, obtains the user information and the recovery application reason, recovers the user's encryption key pair according to the user information, stores the recovery application reason in association with the encryption key pair, and returns the encryption key pair to the CA.
A system for managing user encryption key recovery, comprising:
A certificate authority (CA), configured to receive the user certificate key recovery request sent by the registration authority, add recovery application reason information to the extension of the user certificate, and send to the key management center a key recovery service request containing the extension of the user certificate;
A key management center (KMC), configured to parse the key recovery request sent by the CA, obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the CA.
It can be seen from the technical solutions provided by the above embodiments of the present invention that, by having the CA introduce the user key recovery information (including the user recovery time, the recovery application reason and the recovery count information) into the extension of the user certificate, the key management center obtains more complete key recovery application information. The key management center can thus effectively manage and identify user encryption key recovery, key recovery events can be traced from the user certificate information, and the security and efficient manageability of the user key recovery flow are ensured.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for managing user encryption key recovery provided by embodiment one of the present invention;
Fig. 2 is a schematic structural diagram of a system for managing user encryption key recovery provided by embodiment two of the present invention.
Detailed description of the embodiments
To make the embodiments of the present invention easier to understand, several specific embodiments are explained further below with reference to the drawings; the embodiments do not limit the embodiments of the present invention.
Embodiment one
Fig. 1 is a schematic flowchart of the method for managing user encryption key recovery provided by this embodiment of the present invention. The method includes the following processing steps:
Step 1: The user's terminal submits a key recovery application to an RA acceptance point. The application contains a key recovery application form and user-related information; the form contains the user recovery time, the recovery application reason and the recovery count information;
Step 2: The administrator at the RA acceptance point performs a preliminary review of the key recovery application. The preliminary review mainly verifies the user's personal identity information, including the user name and the user certificate, and verifies whether the user whose key is to be recovered is the above user.
Step 3: If the key recovery application from the user terminal meets the conditions and passes the preliminary review, the RA acceptance point sends it to the RA center; if it fails the preliminary review, it is rejected;
Step 4: The RA center reviews the key recovery application from the user terminal. This review mainly checks whether the user is a legitimate user and whether the RA acceptance point is authorised to submit a key recovery application for this user, that is, whether the user is managed by this RA acceptance point.
Step 5: If the application meets the conditions and passes the review, the administrator at the RA center sends the user's certificate key recovery request to the CA according to the key recovery application form and the user-related information; if the application fails the review, it is rejected;
Step 6: After receiving the user's certificate key recovery request, the CA stores the information related to the user's certificate key recovery application, including the key recovery application form and the user-related information;
Step 7: The CA assembles a key recovery service request from the stored information related to the user's certificate key recovery application, and extends the user's digital certificate.
The extensions of a digital certificate are mainly used to write data that the certificate needs in actual applications. They are quite flexible: in practice, the specific business that uses the digital certificate can register extensions with the CA issuing body as needed. Each extension has three fields: type, criticality (whether it may be omitted), and value. The type field defines the data type of the extension value field; it may be a simple character string, a number, a date, a picture or a complex data type. The criticality field is a one-bit flag. When an extension is marked as one that may not be omitted, the corresponding extension value is very important and an application must not ignore it; an application using the digital certificate that cannot process the content of this field should reject the certificate. The extension value field contains the actual data of the extension, which is read and used by the applications that use the digital certificate.
The key recovery service request includes the protocol version, a service request identifier, the CA identifier, the extension of the digital certificate and the signature of the request information. The user key recovery information is added to the extension of the digital certificate; it includes the user recovery time requestTime, the recovery application reason requestReason, the recovery count requestList and other information.
The format of the extension of the digital certificate is as follows:
ReqProofValue = Sign{reqType || requestList || requestTime || requestReason};
Step 8: The CA sends the key recovery service request to the KMC;
Step 9: The KMC receives the key recovery service request sent by the CA and checks the legitimacy of the request;
Step 10: If the check finds the key recovery service request illegitimate, the KMC rejects it; if the request is legitimate, the KMC carries out the next step.
Step 11: The KMC parses the key recovery service request and obtains the user information together with the user recovery time, the recovery application reason, the recovery count and related information. The key recovery module recovers the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing. The private key is placed in a digital envelope and returned to the CA; the user public key and related information are returned to the CA center at the same time.
The KMC stores the user key recovery information (including the user recovery time, the recovery application reason and the recovery count) in the database in association with the user key pair information, to serve subsequent administrator queries, audits, judicial forensics and other services.
Step 12: The CA opens the digital envelope returned by the KMC and obtains the private key and public key information of the user's encryption key pair. It assembles and issues the user certificate from this private key and public key information, and adds to the extension of the user certificate the record information of this key recovery, including: the user recovery time, the recovery application reason and the recovery count information.
At the same time the CA associates the information of the issued user certificate with the previously stored information related to the user's certificate key recovery application and stores it in the database, to serve log audit, certificate management, judicial forensics and other services.
Step 13: After placing the issued user certificate information in a digital envelope, the CA sends it to the RA center over an SSL (Secure Sockets Layer) secure encrypted channel;
Step 14: The RA center opens the digital envelope to recover the user certificate and downloads the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
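Steps 7 to 11 as an added Go example (not code from the patent): the CA signs the recovery fields of the extension, and the KMC verifies the proof, checks the recovery count and stores the fields with the user. RSA PKCS#1 v1.5 with SHA-256, the length-prefixed encoding of the signed fields in place of the plain `||` concatenation shown above, the count check, and all Go names and sample values are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RecoveryExt holds the extension fields named on the page; Go types are assumed.
type RecoveryExt struct {
	ReqType       string
	RequestList   uint32 // recovery count, this request included
	RequestTime   string
	RequestReason string
	Proof         []byte // ReqProofValue: CA signature over the four fields
}

type Request struct { // the part of the key recovery service request used here
	CAID, UserID string
	Ext          RecoveryExt
}

var (
	ErrUnknownCA = errors.New("unknown CA identifier")
	ErrBadProof  = errors.New("ReqProofValue does not verify")
	ErrCount     = errors.New("recovery count disagrees with KMC record")
)

// tbs returns the bytes that are signed. Each field is written as "len:value,"
// so a byte cannot move between neighbouring fields and leave the input unchanged.
func tbs(e *RecoveryExt) []byte {
	var b bytes.Buffer
	for _, f := range []string{e.ReqType, fmt.Sprint(e.RequestList), e.RequestTime, e.RequestReason} {
		fmt.Fprintf(&b, "%d:%s,", len(f), f)
	}
	return b.Bytes()
}

// NewCAKey generates a throwaway RSA key standing in for the CA signing key.
func NewCAKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// SignExt is the CA side of step 7: sign the extension fields.
func SignExt(ca *rsa.PrivateKey, e *RecoveryExt) (err error) {
	h := sha256.Sum256(tbs(e))
	e.Proof, err = rsa.SignPKCS1v15(rand.Reader, ca, crypto.SHA256, h[:])
	return err
}

// KMC keeps one trusted key per CA identifier, so it can serve several CAs.
type KMC struct {
	TrustedCA map[string]*rsa.PublicKey
	Count     map[string]uint32 // recoveries already performed, per user
	Log       []Request         // reason, time and count kept with the user
}

func NewKMC(caID string, pub *rsa.PublicKey) *KMC {
	return &KMC{TrustedCA: map[string]*rsa.PublicKey{caID: pub}, Count: map[string]uint32{}}
}

// Handle is the KMC side of steps 9 to 11, up to the point of key recovery.
func (k *KMC) Handle(r Request) error {
	pub, ok := k.TrustedCA[r.CAID]
	if !ok {
		return ErrUnknownCA
	}
	h := sha256.Sum256(tbs(&r.Ext))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], r.Ext.Proof) != nil {
		return ErrBadProof
	}
	if r.Ext.RequestList != k.Count[r.UserID]+1 { // assumed policy; also stops replays
		return ErrCount
	}
	k.Count[r.UserID]++
	k.Log = append(k.Log, r) // association kept for audit and forensics
	return nil               // key-pair recovery and the digital envelope follow
}

func main() {
	ca := NewCAKey()
	kmc := NewKMC("CA-1", &ca.PublicKey)
	// Constructed sample request; every value is made up.
	req := Request{CAID: "CA-1", UserID: "user-001", Ext: RecoveryExt{ReqType: "recover",
		RequestList: 1, RequestTime: "2012-12-28T10:00:00Z", RequestReason: "USBKEY damaged"}}
	fmt.Println("sign:", SignExt(ca, &req.Ext))
	fmt.Println("first:", kmc.Handle(req), "replay:", kmc.Handle(req))
	req.Ext.RequestReason = "changed after signing"
	fmt.Println("tampered:", kmc.Handle(req))
}
```

Because the reason, time and count sit under the CA's signature, a value changed between the CA and the KMC is rejected before anything is written to the recovery log.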
Embodiment two
Fig. 2 is a schematic structural diagram of the system for managing user encryption key recovery provided by this embodiment. The system includes:
A certificate authority (CA) 21, configured to receive the user certificate key recovery request sent by the registration authority, add recovery application reason information to the extension of the user certificate, and send to the key management center a key recovery service request containing the extension of the user certificate;
A key management center (KMC) 22, configured to parse the key recovery request sent by the CA, obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the CA.
Further, the system may also include:
A registration authority acceptance point 23, configured to receive the key recovery application sent by the user's terminal, the application containing a key recovery application form and user-related information and the form containing the user recovery time, the recovery application reason and the recovery count information; to perform a preliminary review of the key recovery application; and, after the preliminary review passes, to send the key recovery application to the registration authority;
A registration authority 24, configured to review the key recovery application sent by the registration authority acceptance point and, after the review passes, to send the user's certificate key recovery request to the CA according to the key recovery application form and the user-related information.
Specifically, the CA 21 is further configured to store the key recovery application form and the user-related information after receiving the certificate key recovery request;
to assemble a key recovery service request from the stored key recovery application form and user-related information, the request including the protocol version, a service request identifier, the CA identifier, the extension of the digital certificate and the signature of the request information, with the user recovery time, the recovery application reason and the recovery count information added to the extension of the digital certificate;
and to send the key recovery service request to the key management center.
Specifically, the KMC 22 is further configured, after receiving the key recovery service request, to check the legitimacy of the request and, once the request is determined to be legitimate, to parse it and obtain the user information and the user recovery time, the recovery application reason and the recovery count information;
to recover the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and to store the user's encryption key pair in association with the user recovery time, the recovery application reason and the recovery count information;
and, after placing the private key in a digital envelope, to send the private key and the public key to the CA.
Specifically, the CA 21 is further configured to open the digital envelope returned by the KMC, obtain the user's encryption key pair returned by the KMC, assemble and issue a user certificate from this key pair, and add to the extension of the user certificate the record information of this key recovery, which includes: the user recovery time, the recovery application reason and the recovery count information;
to associate the information of the issued user certificate with the previously stored user recovery time, recovery application reason and recovery count information;
and, after placing the issued user certificate information in a digital envelope, to send it to the registration authority over a secure encrypted channel;
Specifically, the registration authority 24 is further configured to open the digital envelope returned by the CA, recover the user certificate, and download the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
The detailed process of managing user encryption key recovery with the system of this embodiment is similar to that of the foregoing method embodiment and is not repeated here.
Those of ordinary skill in the art will understand that the drawings are schematic diagrams of one embodiment, and the modules or flows in the drawings are not necessarily required for implementing the present invention.
Those of ordinary skill in the art will understand that the modules of the devices in an embodiment may be distributed among the devices of the embodiment as described, or may be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments may be combined into one module or further split into multiple sub-modules.
In summary, in the embodiments of the present invention the CA introduces the user key recovery information (including the user recovery time, the recovery application reason and the recovery count information) into the extension of the user certificate, extending the communication protocol between the CA and the key management center, so that the key management center obtains more complete key recovery application information, and a key recovery log record is added to the database of the key management center. The key management center can thus effectively manage and identify user encryption key recovery, and key recovery events can be traced from the user certificate information, which ensures the security and efficient manageability of the user key recovery flow and effectively supplements and optimises the security management of the PKI system. It also serves subsequent log audit, certificate management, judicial forensics and other services.
In the embodiments of the present invention, the CA database associates the recovered user certificate with the user key recovery information and stores the log information related to user key recovery, which addresses the lack of recovery control and restriction by the CA over the user key recovery flow and helps the KM system provide service for multiple CAs.
The above is only a preferred specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be defined by the protection scope of the claims.
Claims (6)
1. A method for managing user encryption key recovery, characterized by comprising:
A certificate authority receives a user certificate key recovery request sent by a registration authority; the certificate authority adds recovery application reason information to the extension of the user certificate and sends to a key management center a key recovery service request containing the extension of the user certificate;
The key management center parses the key recovery request information, obtains the user information and the recovery application reason, recovers the user's encryption key pair according to the user information, stores the recovery application reason in association with the encryption key pair, and returns the encryption key pair to the certificate authority;
Said storing the recovery application reason in association with the encryption key pair and returning the encryption key pair to the certificate authority comprises:
After receiving the key recovery service request, the key management center checks the legitimacy of the request; once the request is determined to be legitimate, the key management center parses it and obtains the user information and the user recovery time, the recovery application reason and the recovery count information;
The key management center recovers the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and stores the user's encryption key pair in association with the user recovery time, the recovery application reason and the recovery count information;
After placing the private key in a digital envelope, the key management center sends the private key and the public key to the certificate authority;
The method further comprises:
The certificate authority opens the digital envelope returned by the key management center, obtains the user's encryption key pair returned by the key management center, assembles and issues a user certificate from this key pair, and adds to the extension of the user certificate the record information of this key recovery, which includes: the user recovery time, the recovery application reason and the recovery count information;
The certificate authority associates the information of the issued user certificate with the previously stored user recovery time, recovery application reason and recovery count information;
After placing the issued user certificate information in a digital envelope, the certificate authority sends it to the registration authority over a secure encrypted channel; the registration authority opens the digital envelope returned by the certificate authority, recovers the user certificate, and downloads the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
2. The method for managing user encryption key recovery according to claim 1, characterized in that, before the certificate authority receives the user certificate key recovery request sent by the registration authority, the method further comprises:
The user's terminal submits a key recovery application to a registration authority acceptance point, the application containing a key recovery application form and user-related information, and the form containing the user recovery time, the recovery application reason and the recovery count information;
The registration authority acceptance point performs a preliminary review of the key recovery application; after the preliminary review passes, the registration authority acceptance point sends the key recovery application to the registration authority, and the registration authority reviews the key recovery application;
After the review passes, the registration authority sends the user's certificate key recovery request to the certificate authority according to the key recovery application form and the user-related information.
3. The method for managing user encryption key recovery according to claim 1, characterized in that the certificate authority adding recovery application reason information to the extension of the user certificate and sending to the key management center a key recovery service request containing the extension of the user certificate comprises:
After receiving the certificate key recovery request, the certificate authority stores the key recovery application form and the user-related information;
The certificate authority assembles a key recovery service request from the stored key recovery application form and user-related information, the request including the protocol version, a service request identifier, the certificate authority identifier, the extension of the digital certificate and the signature of the request information, with the user recovery time, the recovery application reason and the recovery count information added to the extension of the digital certificate;
The certificate authority sends the key recovery service request to the key management center.
4. A system for managing user encryption key recovery, characterized in that it includes:
an authentication center, for receiving the user certificate key recovery request sent by the Registration Authority, adding recovery application reason information to the extension of the user certificate, and sending to the KMC a key recovery service request comprising the extension of the user certificate;
a KMC, for parsing the key recovery request sent by the authentication center to obtain the user information and the recovery application reason, recovering the user's encryption key pair according to the user information, storing the recovery application reason in association with the encryption key pair, and returning the encryption key pair to the authentication center;
the KMC is further configured to, after receiving the key recovery service request, check the legitimacy of the key recovery service request and, once the request is determined to be legitimate, parse it to obtain the user information and the user recovery time, recovery application reason and recovery count information;
recover, according to the user information obtained by parsing, the user's encryption key pair comprising a private key and a public key, and store the user's encryption key pair in association with the user recovery time, recovery application reason and recovery count information;
after applying digital envelope processing to the private key, send the private key and the public key to the authentication center;
the authentication center is further configured to open the digital envelope returned by the KMC to obtain the user's encryption key pair returned by the KMC, assemble and issue a user certificate according to the encryption key pair, and add to the extension of the user certificate the record information of this key recovery, the record information including: user recovery time, recovery application reason and recovery count information;
associate the issued user certificate information with the previously stored user recovery time, recovery application reason and recovery count information;
after applying digital envelope processing to the issued user certificate information, send it to the Registration Authority over a secure encrypted channel;
the Registration Authority is further configured to open the digital envelope returned by the authentication center, recover the user certificate, and download the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
5. The system for managing user encryption key recovery according to claim 4, characterized in that the system also includes:
a Registration Authority acceptance point, for receiving the key recovery application sent by the user's terminal, the key recovery application comprising a key recovery application form and user-related information, the key recovery application form comprising the user recovery time, recovery application reason and recovery count information, then performing a preliminary review of the key recovery application request and, once the preliminary review is passed, sending the key recovery application to the Registration Authority;
a Registration Authority, for auditing the key recovery application sent by the Registration Authority acceptance point and, after the audit is passed, sending the user's certificate key recovery request to the authentication center according to the key recovery application form and the user-related information.
6. The system for managing user encryption key recovery according to claim 4, characterized in that:
the authentication center is further configured to, after receiving the certificate key recovery request, store the key recovery application form and the user-related information;
assemble a key recovery service request from the stored key recovery application form and user-related information, the key recovery service request including a protocol version, a service request identifier, an authentication center identifier, the extension of the digital certificate and a signature over the request information, with the user recovery time, the recovery application reason and the recovery count information added to the extension of the digital certificate;
send the key recovery service request to the KMC.
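The request of claims 3 and 6 and the KMC-side checks of claim 4, as an added example that is not code from the patent: the authentication center (the certificate authority of the abstract) places the recovery record in the certificate extension and signs the request, and the KMC verifies, parses and stores the record with the recovered key. Assumptions: the JSON field names, the `user_id` field inside the extension, the dictionary-backed escrow store, and HMAC-SHA256 standing in for the authentication center's signature; the digital envelope step is not modelled.

```python
import hashlib
import hmac
import json

# Constructed demo key: HMAC-SHA256 stands in for the CA's signature (assumption).
CA_KEY = b"constructed-demo-key"
SIGNED_FIELDS = ("protocol_version", "request_id", "ca_id", "cert_extension")
REQUIRED_EXT = ("recovery_time", "recovery_reason", "recovery_count")


def _digest(req, key):
    # Canonical JSON so the signer and the verifier hash identical bytes.
    body = json.dumps({f: req[f] for f in SIGNED_FIELDS}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_request(request_id, ca_id, user_id, time, reason, count, key=CA_KEY):
    """CA side: put the recovery record in the certificate extension, then sign."""
    req = {
        "protocol_version": 1,
        "request_id": request_id,
        "ca_id": ca_id,
        "cert_extension": {"user_id": user_id, "recovery_time": time,
                           "recovery_reason": reason, "recovery_count": count},
    }
    req["signature"] = _digest(req, key)
    return req


class KeyManagementCenter:
    def __init__(self, escrow, ca_keys):
        self.escrow = escrow      # user_id -> escrowed key-pair handle (hypothetical)
        self.ca_keys = ca_keys    # ca_id -> verification key
        self.audit = []           # recovery records stored with the key handle

    def handle(self, req):
        """Check legitimacy, parse the extension, recover the key, record why."""
        key = self.ca_keys.get(req.get("ca_id"))
        if key is None or any(f not in req for f in SIGNED_FIELDS):
            raise ValueError("unknown CA or malformed request")
        if not hmac.compare_digest(_digest(req, key), req.get("signature", "")):
            raise ValueError("bad signature")
        ext = req["cert_extension"]
        if any(ext.get(f) in (None, "") for f in REQUIRED_EXT):
            raise ValueError("recovery record incomplete")
        handle = self.escrow[ext["user_id"]]
        self.audit.append({"key": handle, **{f: ext[f] for f in REQUIRED_EXT}})
        return handle
```

Because the signature covers the extension, a recovery reason altered in transit fails verification, and a request signed without a reason is refused before any key is released.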
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210591471.5A CN103916237B (en) | 2012-12-30 | 2012-12-30 | Method and system for managing user encrypted-key retrieval |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210591471.5A CN103916237B (en) | 2012-12-30 | 2012-12-30 | Method and system for managing user encrypted-key retrieval |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103916237A CN103916237A (en) | 2014-07-09 |
CN103916237B true CN103916237B (en) | 2017-02-15 |
Family
ID=51041658
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210591471.5A Active CN103916237B (en) | Method and system for managing user encrypted-key retrieval | 2012-12-30 | 2012-12-30 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103916237B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111628873A (en) * | 2020-07-28 | 2020-09-04 | 四川省数字证书认证管理中心有限公司 | Method for storing digital certificate solidified data telegraph text |
CN112636927B (en) * | 2020-12-28 | 2022-08-16 | 郑州信大先进技术研究院 | KPI (Key performance indicator) double-certificate-based cloud platform encryption method |
CN113541935B (en) * | 2021-06-08 | 2022-06-03 | 西安电子科技大学 | Encryption cloud storage method, system, equipment and terminal supporting key escrow |
CN115102788B (en) * | 2022-08-10 | 2023-01-17 | 北京安盟信息技术股份有限公司 | Method for improving performance of digital envelope through key reuse and digital envelope |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1162779A2 (en) * | 2000-06-09 | 2001-12-12 | TRW Inc. | System and method for third party recovery of encryption certificates in a public key infrastructure |
CN101567780A (en) * | 2009-03-20 | 2009-10-28 | 武汉理工大学 | Key management and recovery method for encrypted digital certificate |
CN102299927A (en) * | 2011-08-31 | 2011-12-28 | 四川长虹电器股份有限公司 | Content security supervision system and method |
Non-Patent Citations (1)
Title |
---|
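"Research and Implementation of PrivacyCA *** in Trusted Computing"; Li Chaoling; China Master's Theses Full-text Database, Information Science and Technology; 20120215 (No. 2 (2012)); main text sections 6.3.3.4 and 6.3.4, Table 6.4 * |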
Also Published As
Publication number | Publication date |
---|---|
CN103916237A (en) | 2014-07-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107566117B (en) | | A kind of block chain key management system and method |
CN106779636B (en) | | Block chain digital currency wallet based on mobile phone earphone interface |
US8842833B2 (en) | | System and method for secure transaction of data between wireless communication device and server |
US11880831B2 (en) | | Encryption system, encryption key wallet and method |
US6611913B1 (en) | | Escrowed key distribution for over-the-air service provisioning in wireless communication networks |
CN110519046B (en) | | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD |
US9490979B2 (en) | | System and method for providing credentials |
CN107483212A (en) | | A kind of method of both sides' cooperation generation digital signature |
IL300542A (en) | | Transferring cryptocurrency from a remote limited access wallet |
CN101399666A (en) | | Safety control method and system for digital certificate of file |
CN112182609A (en) | | Block chain-based data uplink storage method and tracing method, device and equipment |
JPH1127253A (en) | | Key recovery system, key recovery device, recording medium for storing key recovery program and key recovery method |
CN111131416A (en) | | Business service providing method and device, storage medium and electronic device |
CN106685645A (en) | | Key backup and recovery method and system for secure chip service key |
WO2012072001A1 (en) | | Safe method for card issuing, card issuing device and system |
CN103546289A (en) | | USB (universal serial bus) Key based secure data transmission method and system |
CN114900304B (en) | | Digital signature method and apparatus, electronic device, and computer-readable storage medium |
CN109981255A (en) | | The update method and system of pool of keys |
CN102075327A (en) | | Method, device and system for unlocking electronic key |
CN108650080A (en) | | A kind of key management method and system |
CN112766962A (en) | | Method for receiving and sending certificate, transaction system, storage medium and electronic device |
CN107360002A (en) | | A kind of application method of digital certificate |
CN109981287A (en) | | A kind of code signature method and its storage medium |
CN103916237B (en) | | Method and system for managing user encrypted-key retrieval |
CN113824551B (en) | | Quantum key distribution method applied to secure storage system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |