CN114666066A - Private key recovery method and system and private key updating method and system - Google Patents


Info

Publication number: CN114666066A
Authority: CN (China)
Prior art keywords: user terminal, private key, signature, server, party
Legal status: Pending
Application number: CN202210548541.2A
Other languages: Chinese (zh)
Inventors: 钟一民, 陈传义, 郭峰, 金宏洲, 程亮
Current assignee: Hangzhou Tiangu Information Technology Co ltd
Original assignee: Hangzhou Tiangu Information Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/3247: involving digital signatures
                • H04L9/3255: using group based signatures, e.g. ring or threshold signatures
        • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
            • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
                • H04L9/0897: involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Abstract

The invention relates to a private key recovery method and system and a private key updating method and system in the technical field of electronic signatures. The method comprises the following steps: backing up the private key of a user terminal to obtain a first user terminal encrypted private key and a second user terminal encrypted private key, and storing them in the server and the user terminal respectively; when an abnormality occurs, selecting a replacement device for the abnormal party according to the type of abnormality. The method has the advantage of high security, breaks through the bottleneck of existing schemes in which signature operations can only continue after recovery from a private key abnormality, and further improves the security of private key recovery through a private key updating mechanism.

Description

Private key recovery method and system and private key updating method and system
Technical Field
The invention relates to the technical field of electronic signatures, in particular to a method and a system for recovering a private key and a method and a system for updating the private key.
Background
In asymmetric cryptography and its applications, the private key is the most critical data; its loss or theft causes the user greater or lesser economic loss.
Private keys are stored in the prior art in the following ways: (1) the private key is stored on the server side: the user has no authority to use the private key directly, the private key leaks as soon as the server is compromised, and the security level is low; (2) the private key is stored on the user side: the user holds the right to use the private key, but recovery after device loss or replacement is very complicated or even impossible, user management is inconvenient and leakage is easy; (3) the private key is stored in a hardware device: the private key is lost when the hardware device is lost or damaged, the hardware device is low in cost, there is the problem that the device cannot be unlocked if the PIN code is forgotten, and the private key is relatively safe but has a higher threshold of use; (4) the private key is secret-shared into private key fragments stored with several backup parties; when the user needs to restore the private key, each backup party transmits its fragment to a certain device which reconstructs the complete private key, so the complete private key appears in that device and leakage cannot be effectively prevented. Therefore, the current methods of storing the private key separately at the server side, the user side or a hardware device, and the method of secret-sharing the private key, each have their own security problems.
In addition, the prior art includes a method of distributing the private key between the client and the server, where the client and the server each sign and the partial signatures are then aggregated into the final signature. Since this method has no backup mechanism, signing capability is lost when the private key component of the user terminal or the server is lost; even if the private key is backed up manually, the private key recovery process must be executed completely and no signature can be made before recovery is complete, so the user's signing may be delayed when recovery is blocked by various factors (such as the time taken to purchase or reset a user terminal or server); and when the server or the user terminal cannot communicate normally for various reasons, the signature cannot be completed immediately.
In addition, in the various current methods for backing up a private key, the private key can only be recovered after it is lost and is never updated, so a private key component that has fallen into an adversary's hands may remain in use, and security is not high.
Disclosure of Invention
To address the defects of the prior art, the invention provides a private key recovery method and system and a private key updating method and system, which have the advantage of high security and break through the bottleneck of conventional schemes in which, when the private key is abnormal, signature operations can only continue after waiting for the abnormality to be resolved.
In order to solve the above technical problem, the invention adopts the following technical scheme:
a method of recovering a private key, comprising the steps of:
when the private key normally runs, the private key of the user terminal is backed up to obtain a first user terminal encryption private key and a second user terminal encryption private key, and the first user terminal encryption private key and the second user terminal encryption private key are respectively stored in the server and the user terminal;
when an abnormal condition occurs, judging the abnormal condition, and selecting a replacement device of an abnormal party according to different abnormal conditions, wherein the abnormal condition of the device comprises any one of server abnormality, user terminal abnormality or backup party abnormality;
and when the abnormality is resolved, resetting the abnormal party or generating a new device, verifying the reset device or the new device, starting the reset device or the new device after the verification succeeds, and stopping the replacement device.
Optionally, the backup of the private key of the user terminal includes the following steps:
randomly splitting a user terminal private key into a first user terminal private key and a second user terminal private key;
encrypting the first user terminal private key and the second user terminal private key by using an initial backup party public key to respectively obtain a first user terminal encryption private key and a second user terminal encryption private key;
and storing the first user terminal encryption private key into a server, and storing the second user terminal encryption private key into the user terminal.
Optionally, the method for selecting the replacement device of the abnormal party according to different abnormal situations includes the following steps:
judging an abnormal condition, if the abnormal condition is that the user terminal is abnormal, setting the initial backup party as a replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party;
if the abnormal condition is that the server is abnormal, setting the initial backup party as a replacement device of the server according to the correctness of the merged signature generated by the user terminal or the initial backup party;
and if the abnormal condition is that the initial backup party is abnormal, setting a new equipment backup party, performing signature verification through the user terminal, and taking the newly set backup party as a replacement equipment after the signature verification passes.
Optionally, setting the initial backup party as a replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party includes the following steps:
the initial backup party and the server perform bidirectional identity authentication; after a request for the first user terminal encrypted private key is sent to the server, the initial backup party decrypts the returned value to obtain the first user terminal private key;
signing by using a private key of a first user terminal to obtain a first component signature, and sending the first component signature to a server;
signing by using a private key of a second user terminal to obtain a second component signature, and combining the first component signature and the second component signature to obtain a combined signature;
and verifying the correctness of the merged signature, and if the verification result is correct, setting the initial backup party as a replacement device of the user terminal.
Optionally, verifying the reset device or the new device comprises the following steps:
setting up a new device of the user terminal or resetting the user terminal, and sending the first user terminal private key held by the initial backup party to the new or reset user terminal;
signing with the first user terminal private key in the new or reset user terminal to obtain a first component signature, and sending the first component signature to the server;
signing with the second user terminal private key to obtain a second component signature, and combining the first component signature and the second component signature to obtain a merged signature;
verifying the correctness of the merged signature using the user terminal public key.
Optionally, setting the initial backup party as a replacement device of the server according to the correctness of the merged signature generated by the user terminal or the initial backup party includes the following steps:
sending a second user terminal encrypted private key to an initial backup party, and decrypting the second user terminal encrypted private key to obtain a second user terminal private key;
signing by using a private key of a second user terminal to obtain a second component signature, and sending the second component signature to the user terminal;
acquiring a first user terminal private key, signing by using the first user terminal private key to obtain a first component signature, and combining the first component signature and a second component signature to obtain a combined signature;
and verifying the correctness of the merged signature, and if the verification result is correct, setting the initial backup party as a replacement device of the server.
Optionally, verifying the reset device or the new device comprises the following steps:
setting up a new device of the server or resetting the server, and sending the second user terminal private key held by the initial backup party to the new or reset server;
signing with the first user terminal private key in the user terminal to obtain a first component signature, and sending the first component signature to the server;
after receiving the first component signature, signing with the second user terminal private key in the new or reset server to obtain a second component signature, and combining the first component signature and the second component signature to obtain a merged signature;
and verifying the correctness of the merged signature using the public key of the user terminal.
Optionally, setting a new device backup party, performing signature verification through the user terminal, and taking the newly set backup party as the replacement device after the signature verification passes includes the following steps:
sending to the user terminal a certification message containing a signed message, the signature of the newly set backup party and the public key of the new device backup party; the user terminal verifies the correctness of the electronic signature using the public key of the newly set backup party, and if the verification result is correct, sets the new device backup party as the replacement device of the initial backup party;
if the new device backup party is to back up the first user terminal private key, the user terminal encrypts the first user terminal private key with the public key of the new device backup party to form a first user terminal encrypted private key, sends it to the server for backup, and the server deletes the original first user terminal encrypted private key;
if the new device backup party is to back up the second user terminal private key, the user terminal sends the certification message of the newly set backup party to the server; after verifying the certification message, the server encrypts the second user terminal private key with the public key of the newly set backup party to form a second user terminal encrypted private key and sends it to the user terminal for backup, and the user terminal deletes the original second user terminal encrypted private key.
A private key updating method, applied to updating the private key after the above private key recovery method has been used, comprising the following steps:
generating random parameters, and calculating a first user terminal update private key and a second user terminal update private key according to the random parameters;
encrypting the first user terminal updating private key and the second user terminal updating private key by using the initial backup party public key to respectively obtain a first user terminal updating encryption private key and a second user terminal updating encryption private key;
and sequentially replacing the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with the first user terminal updated private key, the second user terminal updated private key, the first user terminal updated encrypted private key and the second user terminal updated encrypted private key.
A private key recovery system comprises a backup module, a storage distribution module, an analysis module and an updating and stopping module;
the backup module is used for backing up the private key of the user terminal when the private key normally runs to obtain a first user terminal encrypted private key and a second user terminal encrypted private key;
the storage distribution module is used for storing the first user terminal encryption private key into a server and storing the second user terminal encryption private key into a user terminal;
the analysis module is used for judging an abnormal condition when the private key is abnormal, and selecting a replacement device of an abnormal party according to different abnormal conditions, wherein the abnormal condition comprises any one of server abnormality, user terminal abnormality or backup party abnormality;
and the updating and stopping module is used for resetting the abnormal party or generating a new device when the abnormality is resolved, verifying the reset device or the new device, starting the reset device or the new device after the verification succeeds, and stopping the replacement device.
A private key updating system comprises an updating module, an encryption module, a signature generating module and a replacing module;
the updating module is used for generating random parameters and calculating a first user terminal updating private key and a second user terminal updating private key according to the random parameters;
the encryption module is used for encrypting the first user terminal updated private key and the second user terminal updated private key by using the initial backup party public key to respectively obtain a first user terminal updated encryption private key and a second user terminal updated encryption private key;
the replacement module is used for sequentially replacing the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with a first user terminal updated private key, a second user terminal updated private key, a first user terminal updated encrypted private key and a second user terminal updated encrypted private key.
Compared with the prior art, the technical scheme provided by the invention has the following beneficial effects:
1. the private key components are stored in the user terminal and the server respectively, each component is backed up by encrypting it with a backup party's public key, and the backups are likewise stored in the user terminal and the server; the backup party needs to store no backup data unless an abnormality occurs, which is convenient, reduces the number of places where private key components are stored and improves their security; the user obtains the backup of a private key component through the backup party that holds the corresponding private key, which is highly secure and solves the problem that the user terminal cannot complete a signature when the server is unavailable;
2. because the private key components are stored in the user terminal and the server respectively, when the component of the user terminal or the server is lost the private key recovery process does not have to be executed completely: the backup party can sign before recovery is complete, so the user's signing is not delayed when recovery is blocked by various factors (such as the time taken to purchase or reset a user terminal or server), and when the server or the user terminal cannot communicate normally for various reasons the signature can be completed immediately with the backup party;
3. with this backup method the private key can not only be recovered after loss but also updated, so even if a private key component falls into an adversary's hands, the component the adversary obtained is invalidated by the update, and security is high.
Drawings
The drawings used in the description of the embodiments or the prior art are briefly described below in order to illustrate the embodiments of the invention or the prior-art solutions more clearly; the drawings in the following description show only some embodiments of the invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a diagram of the relationship between the private key members and the key distribution when the number of initial backup parties is set to 2 according to the first embodiment;
Fig. 2 is a diagram of the relationship between the private key members and the key distribution when the number of initial backup parties is set to 1.
Detailed Description
The present invention will be described in further detail with reference to examples, which illustrate the invention and are not to be construed as limiting it.
Example one
A method of recovering a private key comprises the following steps: when the private key is operating normally, the private key of the user terminal is backed up to obtain a first user terminal encrypted private key and a second user terminal encrypted private key, which are stored in the server and the user terminal respectively.
Specifically, as shown in Fig. 1, use of the private key involves a user terminal, a server and one or two initial backup parties, the initial backup parties serving as backup for the user terminal. With two initial backup parties, the user terminal is denoted M, its public key PKM and its private key SKM; the server is denoted S, its public key PKS and its private key SKS; the two initial backup parties are denoted B1 and B2, their public keys PKB1 and PKB2, and their private keys SKB1 and SKB2.
Further, with two initial backup parties, backing up the private key of the user terminal comprises the following steps: randomly splitting the user terminal private key SKM into a first user terminal private key SKM1 and a second user terminal private key SKM2; encrypting SKM1 with the public key PKB1 of the first initial backup party to obtain the first user terminal encrypted private key ESKM1, and encrypting SKM2 with the public key PKB2 of the second initial backup party to obtain the second user terminal encrypted private key ESKM2; storing ESKM1 in the server S and ESKM2 in the user terminal M.
The user terminal private key SKM may be split randomly by addition splitting or by (t=2, n=2) Shamir secret sharing. In the addition splitting form, SKM = F(SKM1, SKM2) = SKM1 + SKM2 mod N, where N is a large integer. Splitting the private key into two components allows two signature components to be generated for the same original text and combined into one signature, the signature algorithm being a two-party multi-party signature algorithm or a (t=2, n=2) threshold signature algorithm. To simplify the description, the two signature components and the signature are written uniformly as SIGM1, SIGM2 and SIGM below, although the generated components and signatures of course differ for different texts. This split backup mode improves the security of the private key.
The private key backup can be illustrated by the following example. Suppose the user originally signs with a UKEY and the user terminal private key resides in the UKEY: this is secure, but the UKEY is inconvenient to use and there is no backup of the private key. The user terminal actively calls the UKEY interface so that the UKEY randomly splits the user terminal private key SKM into a first user terminal private key SKM1 and a second user terminal private key SKM2, computes the first user terminal encrypted private key ESKM1 and the second user terminal encrypted private key ESKM2, and then encrypts SKM2 and ESKM1 with the server public key PKS to obtain {SKM2}PKS and {ESKM1}PKS, all computation being performed inside the UKEY; the UKEY exports SKM1, ESKM2, {SKM2}PKS and {ESKM1}PKS to the user's mobile phone; the phone stores SKM1 and ESKM2 and uploads {SKM2}PKS and {ESKM1}PKS to the server; the server decrypts {SKM2}PKS and {ESKM1}PKS with the server private key SKS to obtain SKM2 and ESKM1; thereafter the user can perform operations such as cooperative signing using the mobile phone and the server.
When the private keys are all operating normally, the general signature steps are as follows: the user terminal M signs with the first user terminal private key SKM1 to obtain the signature component SIGM1; after the user terminal M logs in to the server S, it triggers the server S to sign with the second user terminal private key SKM2 to obtain the signature component SIGM2; the user terminal M or the server S combines the two signature components to obtain the signature SIGM, and any member that obtains the signature SIGM can verify its correctness with the user terminal public key PKM.
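The addition splitting and two-component signing just described, together with the key update in the Disclosure (random parameters yielding updated first and second user terminal private keys), as an added example that is not part of the patent. It uses a Schnorr-style signature over secp256k1 (public curve constants) and assumes the standard additive share refresh SKM1' = SKM1 + r, SKM2' = SKM2 - r, since the patent names neither its signature algorithm nor its update formula; the signed text is constructed.

```python
"""Two-holder additive key split, component signatures and share refresh.

Constructed example, not the patent's code.  SKM = SKM1 + SKM2 mod N; each
holder emits one component signature, the two merge into a signature
checkable with PKM, and a random refresh makes a component captured before
the update useless.  Schnorr over secp256k1 and the refresh formula are
assumptions; the patent specifies neither.
"""
import hashlib
import secrets

P = 2**256 - 2**32 - 977                                  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                       # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def challenge(R, PK, msg):
    """e = H(R || PKM || text) mod N binds the merged nonce to the key and the text."""
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *PK)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def split_key(skm):
    """Addition splitting from the patent: SKM = SKM1 + SKM2 mod N, SKM1 uniform."""
    skm1 = secrets.randbelow(N - 1) + 1
    return skm1, (skm - skm1) % N

def nonce_commit():
    """Each holder draws its own nonce k_i and publishes R_i = k_i * G.
    A deployment exchanges the R_i through a commit-then-reveal step."""
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)

def component_sign(share, k, R, PK, msg):
    """Component signature SIGM_i: s_i = k_i + e * SKM_i mod N."""
    return (k + challenge(R, PK, msg) * share) % N

def verify(PK, msg, R, s):
    """Any holder of PKM checks s * G == R + e * PKM."""
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, PK, msg), PK))

def cosign(share_a, share_b, PK, msg):
    """One round between two share holders (M and S, or B1 standing in for M
    after decrypting ESKM1): nonce exchange, two components, one merged SIGM."""
    ka, Ra = nonce_commit()
    kb, Rb = nonce_commit()
    R = ec_add(Ra, Rb)                                    # merged nonce point
    sa = component_sign(share_a, ka, R, PK, msg)          # SIGM1
    sb = component_sign(share_b, kb, R, PK, msg)          # SIGM2
    return R, (sa + sb) % N                               # SIGM = SIGM1 + SIGM2

def refresh(skm1, skm2):
    """Key update (assumed formula): r random, SKM1' = SKM1 + r, SKM2' = SKM2 - r.
    The sum, hence PKM, is unchanged; an old share no longer pairs with a new one."""
    r = secrets.randbelow(N - 1) + 1
    return (skm1 + r) % N, (skm2 - r) % N

def demo():
    """Returns (normal signing ok, signing ok after update, stale share accepted)."""
    skm = secrets.randbelow(N - 1) + 1
    pkm = ec_mul(skm, G)
    skm1, skm2 = split_key(skm)
    msg = b"constructed sample text to be signed"
    ok_normal = verify(pkm, msg, *cosign(skm1, skm2, pkm, msg))
    new1, new2 = refresh(skm1, skm2)
    ok_after = verify(pkm, msg, *cosign(new1, new2, pkm, msg))
    # An adversary holding the pre-update SKM1 cannot complete a signature
    # together with the server's refreshed SKM2'.
    stale_ok = verify(pkm, msg, *cosign(skm1, new2, pkm, msg))
    return ok_normal, ok_after, stale_ok                  # (True, True, False)
```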
Further, when the private key is abnormal, the abnormal situation is judged, and the backup device of the abnormal party is selected according to different abnormal situations, wherein the abnormal situation comprises any one of server abnormality, user terminal abnormality or backup party abnormality, if the abnormal situation is the user terminal abnormality, the initial backup party is set to be used as the backup device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party.
Specifically, the method for setting the initial backup party to be used as a replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party comprises the following steps: the method comprises the steps that bidirectional identity authentication is carried out on an initial backup party and a server, and after a request for obtaining a first user terminal encryption private key is sent to the server, decryption is carried out to obtain the first user terminal private key; signing by using a private key of a first user terminal to obtain a first component signature, and sending the first component signature to a server; the server uses a second user terminal private key to carry out signature to obtain a second component signature, and the first component signature and the second component signature are combined to obtain a combined signature; and verifying the correctness of the merged signature, and if the verification result is correct, setting the initial backup party as a replacement device of the user terminal.
It should be noted that the user terminal abnormality refers to an abnormal situation such as a user terminal device loss, a data loss or a failure to start, and when the user terminal abnormality occurs, the user activates the initial backup party B1 to perform bidirectional identity authentication with the server S, if TLS authentication passes, the initial backup party B1 requests the server S for the first user terminal encryption private key ESKM1, then the initial backup party B1 signs the current time T with the first user terminal private key to obtain the first component signature SIGM1, and sends T | | | | | SIGM1 to the server S, the server S signs with the second user terminal private key SKM2 to obtain the second signature component SIGM2, and combines SIGM1 and SIGM2 to obtain the complete backup signature SIGM, at this time, if the complete backup signature SIGM is verified to be correct, the initial backup party B1 cooperates with the server to perform signature completion during the user terminal abnormality, at this time, the first backup party is the backup device.
Before the user terminal M is recovered, a relatively long time interval may exist between the time when the first user terminal private key SKM1 is obtained from the first initial backup party B1 and the time when the user terminal M is recovered, so that the first initial backup party B1 may replace the user terminal M to complete the use of the first user terminal private key SKM1 in the period if the need for using the private key exists, that is, no matter whether the abnormality of the user terminal is solved, the user does not influence the use of the private key for electronic signature by the user.
Further, when recovering from the abnormality, the abnormal party is reset or a new device is provisioned, the reset or new device is verified, and after successful verification the reset or new device is enabled and the replacement device is disabled. Specifically, verifying the reset or new device comprises the following steps: a new user terminal device is provisioned, or the user terminal is reset, and the initial backup party sends the first user terminal private key to it; the new or reset user terminal signs with the first user terminal private key to obtain a first signature component and sends it to the server; the server signs with the second user terminal private key to obtain a second signature component and combines the first and second signature components into a merged signature; the merged signature is verified with the public key of the user terminal.
There are two general ways to resolve a user terminal abnormality: replace the user terminal device outright, or reset the user terminal and continue using it. In either case the first initial backup party B1 sends the first user terminal private key SKM1 to the user terminal M. M then signs the current time T' with SKM1 to obtain SIGM1' and sends T' || SIGM1' to the server S; S produces SIGM' by the merged-signature procedure and verifies it, and only after successful verification is the reset or replaced user terminal approved for use. Once it is approved, in order to ensure the security of the private key, S encrypts the second user terminal private key SKM2 with PKB2 to obtain ESKM2 and sends it to the reset or replaced user terminal, which stores SKM1 and ESKM2 and notifies B1 that the private key has been recovered successfully. At the same time, the copy of SKM1 held by B1 is cleared and B1 stops acting as the replacement device, so as to reduce the possibility of SKM1 leaking.
As shown in Fig. 2, when there is a single initial backup party, its public key is used directly to encrypt both the first user terminal private key and the second user terminal private key during backup, and the two encrypted private keys are stored in the same locations as in the case of two initial backup parties.
With a single initial backup party, when the user terminal is abnormal the user activates the initial backup party B. After bidirectional identity authentication with the server S passes, B requests the first user terminal encrypted private key ESKM1 from S, signs the current time T with the first user terminal private key to obtain the first signature component SIGM1, and sends T || SIGM1 to S. The server S signs with the second user terminal private key SKM2 to obtain the second signature component SIGM2 and combines SIGM1 and SIGM2 into the complete backup signature SIGM. If SIGM verifies correctly, B cooperates with the server to complete signatures while the user terminal is abnormal; B is then the replacement device.
Between the moment the first user terminal private key SKM1 is obtained from the initial backup party B and the moment the user terminal M is recovered there may be a long interval. If the private key is needed during this interval, B uses SKM1 in place of M, so the user's use of the private key is unaffected whether or not the user terminal abnormality has yet been resolved.
When recovering from the abnormality, the initial backup party B sends the first user terminal private key SKM1 to the user terminal M. M signs the current time T' with SKM1 to obtain SIGM1' and sends T' || SIGM1' to the server S; S produces SIGM' by the merged-signature procedure and verifies it, and after successful verification the reset or replaced user terminal is approved for use. Once it is approved, in order to restore the backup of the private key, S encrypts the second user terminal private key SKM2 with the public key PKB of the initial backup party to obtain ESKM2 and sends it to the reset or replaced user terminal, which stores SKM1 and ESKM2 and notifies B that the private key has been recovered successfully. At the same time, the copy of SKM1 held by B is cleared and B stops acting as the replacement device, so as to reduce the possibility of SKM1 leaking.
Example two
This embodiment differs from the first embodiment in that the abnormal condition is a server abnormality, and the initial backup party is set as the replacement device of the server according to the correctness of the merged signature generated by the user terminal or the initial backup party. Specifically, this comprises the following steps: the second user terminal encrypted private key is sent to the initial backup party, which decrypts it to obtain the second user terminal private key; the initial backup party signs with the second user terminal private key to obtain a second signature component and sends it to the user terminal; the user terminal signs with the first user terminal private key to obtain a first signature component and combines the first and second signature components into a merged signature; the merged signature is verified, and if it verifies correctly, the initial backup party is set as the replacement device of the server.
It should be noted that a server abnormality refers to a situation in which the server device is lost, its data is lost, or it cannot be started. If the signature function must remain available, then, taking two initial backup parties as an example, the user terminal sends the second user terminal encrypted private key ESKM2 to the second initial backup party B2, which decrypts it with its own private key SKB2 to obtain the second user terminal private key SKM2. Since a long interval may pass between B2 obtaining SKM2 and the server being recovered, B2 acts as the replacement device of the server and generates electronic signatures together with the user terminal for the duration of the server abnormality.
When the server is reset, or a new server is put in place to repair the abnormality, the reset or new server must, with the help of the second initial backup party, generate a merged signature for verification; the merged signature is verified with the public key of the user terminal, and if verification succeeds the reset or new server is put into use. At the same time, to ensure the security of the private key, the copy of the second user terminal private key held by the second initial backup party is cleared and the second initial backup party stops acting as the replacement device.
Specifically, verifying the reset or new device comprises the following steps: a new server is provisioned, or the server is reset, and the initial backup party sends the second user terminal private key to it; the user terminal signs with the first user terminal private key to obtain a first signature component and sends it to the server; the new or reset server signs with the second user terminal private key to obtain a second signature component and combines the first and second signature components into a merged signature; the merged signature is verified with the public key of the user terminal.
If only one initial backup party is set and the signature function must remain available, the user terminal sends the second user terminal encrypted private key to the initial backup party B, which decrypts it with its own private key to obtain the second user terminal private key.
When the server is reset, or a new server is put in place to repair the abnormality, the reset or new server must, with the help of the initial backup party, generate a merged signature for verification; the merged signature is verified with the public key of the user terminal, and if verification succeeds the reset or new server is put into use. At the same time, to ensure the security of the private key, the copy of the second user terminal private key held by the initial backup party is cleared and the initial backup party stops acting as the replacement device.
Example three
This embodiment differs from the first embodiment in that the abnormal condition is an abnormality of the initial backup party. A new backup party is set up, the digital signature of the new backup party is verified with the public key of the new backup party, and after the signature verifies the new backup party is used as the replacement device. This comprises the following steps: the new backup party sends a certification message, containing the signed message, the signature of the new backup party and the public key of the new backup party, to the user terminal; the user terminal verifies the signature with the public key of the new backup party, and if it verifies correctly the new backup party is set as the replacement device of the initial backup party. If the new backup party is to back up the first user terminal private key, the user terminal encrypts the first user terminal private key with the public key of the new backup party to form a new first user terminal encrypted private key, sends it to the server for backup, and the server deletes the original first user terminal encrypted private key. If the new backup party is to back up the second user terminal private key, the user terminal forwards the certification message of the new backup party to the server; after verifying the certification message, the server encrypts the second user terminal private key with the public key of the new backup party to form a new second user terminal encrypted private key and sends it to the user terminal for backup, and the user terminal deletes the original second user terminal encrypted private key.
It should be noted that an abnormality of the initial backup party refers to a situation in which the device of the initial backup party is lost, its data is lost, or it cannot be started. If the signature function must remain available, then, taking two initial backup parties as an example, when either of them is abnormal the backup of the private key is re-established by setting up a new backup party.
Specifically, if the first initial backup party is abnormal, the user sets up a new first backup party B1', whose public key is denoted PKB1' and private key SKB1'. B1' sends PKB1' to the user terminal M together with the current time T and its signature SIGB1' over T. Once M verifies that SIGB1' is correct, the new public key of B1' is accepted; M encrypts SKM1 with PKB1' to obtain ESKM1' and sends ESKM1' to the server S, which replaces ESKM1 with ESKM1'.
If the second initial backup party is abnormal, the user sets up a new second backup party B2', whose public key is denoted PKB2' and private key SKB2'. B2' sends PKB2' to the user terminal M together with the current time T and its signature SIGB2' over T. After M verifies that SIGB2' is correct, it sends T || SIGB2' || PKB2' to the server S. S verifies SIGB2' with PKB2', and once it is correct the new public key of B2' is accepted; S encrypts SKM2 with PKB2' to obtain ESKM2' and sends ESKM2' to M, which replaces ESKM2 with ESKM2'.
On the other hand, when only one initial backup party is set and it is abnormal, the user sets up a new backup party B', whose public key is denoted PKB' and private key SKB'. B' sends PKB' to the user terminal M together with the current time T and its signature SIGB' over T. Once M verifies that SIGB' is correct, the new public key of B' is accepted; M encrypts SKM1 with PKB' to obtain ESKM1' and sends T || SIGB' || PKB' || ESKM1' to the server S. S verifies SIGB' with PKB', accepts the new public key of B', and replaces ESKM1 with ESKM1'; S then encrypts SKM2 with PKB' to obtain ESKM2' and sends ESKM2' to M, which replaces ESKM2 with ESKM2'.
Example four
A private key updating method, applied to updating the private key after the private key recovery method of any one of the first to third embodiments, comprises the following steps: generating a random parameter, and computing a first user terminal updated private key and a second user terminal updated private key from it; encrypting the first and second user terminal updated private keys with the public keys of the initial backup parties to obtain a first user terminal updated encrypted private key and a second user terminal updated encrypted private key, respectively; and replacing the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with the corresponding updated values.
After recovery from an abnormality, the first user terminal private key, the second user terminal private key, the initial backup party private keys and so on may have been stolen, or be suspected of having been stolen, so the private key is updated after recovery in order to improve its security.
Specifically, the user terminal first generates a random parameter param. The first and second initial backup parties then generate new public keys PKB1', PKB2' and new private keys SKB1', SKB2'. The first initial backup party B1 sends PKB1' to the user terminal M together with the current time T1 and its signature SIGB1' over T1; the second initial backup party B2 sends PKB2' to M together with the current time T2 and its signature SIGB2' over T2. When M verifies SIGB1' with the new public key, the new public key of B1 is accepted. After the server and the user terminal have authenticated each other, M sends param || T2 || SIGB2' || PKB2' || ESKM1' (that is, random parameter || time || signature of the second initial backup party over the time || public key of the second initial backup party || first user terminal updated encrypted private key) to the server S. Once S verifies that SIGB2' is correct, the new public key of B2 is accepted; S replaces SKM2 and ESKM1 with SKM2' and ESKM1', sends ESKM2' to M, and M replaces SKM1 and ESKM2 with SKM1' and ESKM2'.
The update functions for the new private keys SKM1' and SKM2' computed by the user terminal M and the server S are SKM1' = f1(SKM1, param), with ESKM1' obtained by encrypting SKM1' with PKB1', and SKM2' = f2(SKM2, param), with ESKM2' obtained by encrypting SKM2' with PKB2'.
It should be noted that this update flow is only possible when the update functions satisfy the following condition: if SKM = F(SKM1, SKM2), the update function of SKM1 is f1() and the update function of SKM2 is f2(), then F(SKM1, SKM2) = F(f1(SKM1, param), f2(SKM2, param)) must hold, so that the combined private key, and hence the public key PKM, is unchanged by the update.
For example, with F(SKM1, SKM2) = SKM1 + SKM2 mod N, where N is a fixed large integer;
f1(SKM1, param) = SKM1 + param;
f2(SKM2, param) = SKM2 - param;
the condition is satisfied:
F(f1(SKM1, param), f2(SKM2, param)) = f1(SKM1, param) + f2(SKM2, param) mod N
= (SKM1 + param) + (SKM2 - param) mod N = SKM1 + SKM2 mod N = F(SKM1, SKM2).
Alternatively, the keys of the initial backup parties may remain unchanged, i.e. PKB1' = PKB1, SKB1' = SKB1 and PKB2' = PKB2, SKB2' = SKB2.
Example five
A private key recovery system comprises a backup module, a storage distribution module, an analysis module and an update-and-disable module. The backup module backs up the private key of the user terminal during normal operation to obtain a first user terminal encrypted private key and a second user terminal encrypted private key; the storage distribution module stores the first user terminal encrypted private key in the server and the second user terminal encrypted private key in the user terminal.
Specifically, using the private key requires a user terminal and a server, and one or two initial backup parties may be set up to back up the user terminal. With two initial backup parties the notation is as follows: the user terminal is M, with public key PKM and private key SKM; the server is S, with public key PKS and private key SKS; the two initial backup parties are B1 and B2, with public keys PKB1 and PKB2 and private keys SKB1 and SKB2 respectively.
Further, with two initial backup parties, backing up the private key of the user terminal comprises the following steps: randomly splitting the user terminal private key SKM into a first user terminal private key SKM1 and a second user terminal private key SKM2; encrypting SKM1 with the public key PKB1 of the first initial backup party to obtain the first user terminal encrypted private key ESKM1, and encrypting SKM2 with the public key PKB2 of the second initial backup party to obtain the second user terminal encrypted private key ESKM2; storing ESKM1 in the server S and ESKM2 in the user terminal M.
The user terminal private key SKM may be split randomly by additive splitting or by (t=2, n=2) Shamir secret sharing, among other methods. For additive splitting the formula is SKM = F(SKM1, SKM2) = SKM1 + SKM2 mod N, where N is a large integer. By splitting the private key into two components, two signature components can be generated for the same message and combined into a single signature; the signature algorithm is a two-party multi-signature algorithm or a (t=2, n=2) threshold signature algorithm. For brevity the two signature components and the combined signature are written uniformly as SIGM1, SIGM2 and SIGM below, although the components and signature actually generated differ for different messages. Backing up the private key in split form in this way improves its security.
Backup of the private key can be illustrated by the following example. Suppose the user originally signs with a UKEY and the user terminal private key resides in the UKEY; this is secure, but the UKEY is inconvenient to use and offers no private key backup. The user terminal is then made to call the UKEY interface so that the UKEY randomly splits the user terminal private key SKM into a first user terminal private key SKM1 and a second user terminal private key SKM2, computes the first user terminal encrypted private key ESKM1 and the second user terminal encrypted private key ESKM2, and encrypts SKM2 and ESKM1 with the server public key PKS to obtain {SKM2}PKS and {ESKM1}PKS, all of this computation being performed inside the UKEY. The UKEY exports SKM1, ESKM2, {SKM2}PKS and {ESKM1}PKS to the user's mobile phone; the phone stores SKM1 and ESKM2 and uploads {SKM2}PKS and {ESKM1}PKS to the server; the server decrypts {SKM2}PKS and {ESKM1}PKS with the server private key SKS to obtain SKM2 and ESKM1. Thereafter the user performs cooperative signing and related operations with the mobile phone and the server.
During normal operation of the private key, the usual signing steps are as follows: the user terminal M signs with the first user terminal private key SKM1 to obtain the signature component SIGM1; after M logs in to the server S, it triggers S to sign with the second user terminal private key SKM2 to obtain the signature component SIGM2; M or S combines the two signature components into the signature SIGM, and any party that obtains SIGM can verify its correctness with the user terminal public key PKM.
Further, the analysis module determines the abnormal condition when the private key is abnormal and selects a replacement device for the abnormal party according to that condition, which is one of a server abnormality, a user terminal abnormality or a backup party abnormality. If the abnormal condition is a user terminal abnormality, the initial backup party is set as the replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party.
Specifically, setting the initial backup party as the replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party comprises the following steps: the initial backup party and the server perform bidirectional identity authentication, the initial backup party requests the first user terminal encrypted private key from the server and decrypts it to obtain the first user terminal private key; the initial backup party signs with the first user terminal private key to obtain a first signature component and sends it to the server; the server signs with the second user terminal private key to obtain a second signature component and combines the first and second signature components into a merged signature; the merged signature is verified, and if it verifies correctly, the initial backup party is set as the replacement device of the user terminal.
It should be noted that a user terminal abnormality refers to a situation such as loss of the user terminal device, loss of its data, or failure to start. When the user terminal is abnormal, the user activates the first initial backup party B1. After bidirectional identity authentication with the server S passes, B1 requests the first user terminal encrypted private key ESKM1 from S, decrypts it to obtain the first user terminal private key SKM1, signs the current time T with SKM1 to obtain the first signature component SIGM1, and sends T || SIGM1 to S. The server S signs with the second user terminal private key SKM2 to obtain the second signature component SIGM2 and combines SIGM1 and SIGM2 into the complete backup signature SIGM. If SIGM verifies correctly, B1 cooperates with the server to complete signatures while the user terminal is abnormal; B1 is then the replacement device.
Between the moment the first user terminal private key SKM1 is obtained from the first initial backup party B1 and the moment the user terminal M is recovered there may be a long interval. If the private key is needed during this interval, B1 uses SKM1 in place of M, so the user's use of the private key is unaffected whether or not the user terminal abnormality has yet been resolved.
Furthermore, when recovering from the abnormality the update-and-disable module resets the abnormal party or provisions a new device, verifies the reset or new device, enables it after successful verification and disables the replacement device. Specifically, verifying the reset or new device comprises the following steps: a new user terminal device is provisioned, or the user terminal is reset, and the initial backup party sends the first user terminal private key to it; the new or reset user terminal signs with the first user terminal private key to obtain a first signature component and sends it to the server; the server signs with the second user terminal private key to obtain a second signature component and combines the first and second signature components into a merged signature; the merged signature is verified with the public key of the user terminal.
There are two general ways to resolve a user terminal abnormality: replace the user terminal device outright, or reset the user terminal and continue using it. In either case the first initial backup party B1 sends the first user terminal private key SKM1 to the user terminal M. M then signs the current time T' with SKM1 to obtain SIGM1' and sends T' || SIGM1' to the server S; S produces SIGM' by the merged-signature procedure and verifies it, and only after successful verification is the reset or replaced user terminal approved for use. Once it is approved, in order to ensure the security of the private key, S encrypts the second user terminal private key SKM2 with PKB2 to obtain ESKM2 and sends it to the reset or replaced user terminal, which stores SKM1 and ESKM2 and notifies B1 that the private key has been recovered successfully. At the same time, the copy of SKM1 held by B1 is cleared and B1 stops acting as the replacement device, so as to reduce the possibility of SKM1 leaking.
Example six
A private key updating system comprises an updating module, an encryption module, a signature generating module and a replacing module. The updating module generates a random parameter and computes a first user terminal updated private key and a second user terminal updated private key from it; the encryption module encrypts the first and second user terminal updated private keys with the public keys of the initial backup parties to obtain a first user terminal updated encrypted private key and a second user terminal updated encrypted private key, respectively; the replacing module replaces the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with the corresponding updated values.
After recovery from an abnormality, the first user terminal private key, the second user terminal private key, the initial backup party private keys and so on may have been stolen, or be suspected of having been stolen, so the private key is updated with the updating system after recovery in order to improve its security.
Specifically, the user terminal first generates a random parameter param. The updating module then has the first and second initial backup parties generate new public keys PKB1', PKB2' and new private keys SKB1', SKB2'. The first initial backup party B1 sends PKB1' to the user terminal M together with the current time T1 and the signature SIGB1' over T1 produced by the signature generating module; the second initial backup party B2 sends PKB2' to M together with the current time T2 and its signature SIGB2' over T2. When M verifies SIGB1' with the new public key in the verification module, the new public key of B1 is accepted. After the server and the user terminal have authenticated each other, M sends param || T2 || SIGB2' || PKB2' || ESKM1' (that is, random parameter || time || signature of the second initial backup party over the time || public key of the second initial backup party || first user terminal updated encrypted private key) to the server S. Once S verifies that SIGB2' is correct, the new public key of B2 is accepted; S replaces SKM2 and ESKM1 with SKM2' and ESKM1', sends ESKM2' to M, and M replaces SKM1 and ESKM2 with SKM1' and ESKM2'.
The function updating formulas of the new private keys SKM1' and SKM2' generated by the user terminal M and the server S are SKM1' = f1(SKM1, param), and the ESKM1' is obtained by encrypting with PKB1 '; SKM2' = f2(SKM2, param), encrypted with PKB2' to give ESKM2 '.
It should be noted that the update flow is only possible when the private key update satisfies the following condition: if SKM = F(SKM1, SKM2), the update function of SKM1 is f1() and the update function of SKM2 is f2(), then F(SKM1, SKM2) = F(f1(SKM1, param), f2(SKM2, param)) must hold.
For example, with F(SKM1, SKM2) = SKM1 + SKM2 mod N, where N is some large integer,
f1(SKM1, param) = SKM1 + param;
f2(SKM2, param) = SKM2 - param;
the condition is satisfied:
F(f1(SKM1, param), f2(SKM2, param)) = f1(SKM1, param) + f2(SKM2, param) mod N
= (SKM1 + param) + (SKM2 - param) mod N = SKM1 + SKM2 mod N = F(SKM1, SKM2).
On the other hand, the keys of the initial backup parties may also remain unchanged, i.e., PKB1' = PKB1, SKB1' = SKB1; PKB2' = PKB2, SKB2' = SKB2.
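The following worked example is added here to make the update condition concrete; it is not code from the patent or its applicant. It implements the additive share rule above (F is addition modulo a prime Q, f1 adds param, f2 subtracts it), checks the precondition F(f1(SKM1, param), f2(SKM2, param)) = F(SKM1, SKM2) on constructed inputs, and goes one step further than the text by showing the consequence that matters to a verifier: the user terminal public key is unchanged after an update, so a merged signature built from two component signatures on the updated shares still verifies against the old public key. The Schnorr-style component signature over a toy prime-order subgroup of Z_P* is an assumption for illustration (the patent does not fix the signature algorithm; its cited prior art uses SM2), and the backup-party encryption of the shares (ESKM1', ESKM2') is not modelled.

```python
"""Added illustration of the additive share update and the merged component
signature.  Not the patent's code.  Assumptions: F is addition mod a prime Q,
a Schnorr-style signature over a small subgroup (toy parameters, never use
in practice), and no modelling of the backup-party encryption of shares."""
import hashlib
import secrets
from typing import Callable, Optional, Tuple

# Toy group parameters (assumed for the example only): P = 2*Q + 1 is a safe
# prime and G = 4 is a quadratic residue mod P, hence has prime order Q.
P = 2039
Q = 1019
G = 4


def combine(skm1: int, skm2: int) -> int:
    """F(SKM1, SKM2) = SKM1 + SKM2 mod N, with N = Q here."""
    return (skm1 + skm2) % Q


def split_key(skm: int) -> Tuple[int, int]:
    """Randomly split SKM into two shares with F(SKM1, SKM2) = SKM (claim 2)."""
    skm1 = secrets.randbelow(Q)
    return skm1, (skm - skm1) % Q


def f1(skm1: int, param: int) -> int:
    """Update rule for the user terminal share: SKM1' = SKM1 + param."""
    return (skm1 + param) % Q


def f2(skm2: int, param: int) -> int:
    """Update rule for the server share: SKM2' = SKM2 - param."""
    return (skm2 - param) % Q


def update_shares(skm1: int, skm2: int, param: Optional[int] = None) -> Tuple[int, int]:
    """One update round: the terminal draws param and each side applies its rule."""
    if param is None:
        param = secrets.randbelow(Q)
    return f1(skm1, param), f2(skm2, param)


def check_update_rule(f1_fn: Callable[[int, int], int], f2_fn: Callable[[int, int], int]) -> bool:
    """Checks the precondition F(f1(SKM1, p), f2(SKM2, p)) == F(SKM1, SKM2) on
    constructed share pairs and parameters.  A rule pair that fails this would
    silently change SKM, and thus the public key, on every update."""
    for skm1, skm2 in ((0, 0), (5, 7), (Q - 1, 1), (400, 900)):
        for param in (1, 2, 3, 17, Q - 1):
            if combine(f1_fn(skm1, param), f2_fn(skm2, param)) != combine(skm1, skm2):
                return False
    return True


def public_key(skm: int) -> int:
    """PK = G^SKM mod P; a verifier only ever needs the combined key."""
    return pow(G, skm, P)


def _challenge(r: int, pk: int, msg: bytes) -> int:
    digest = hashlib.sha256(f"{r}|{pk}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q


def component_sign(share: int, nonce: int, r: int, pk: int, msg: bytes) -> int:
    """One party's component signature s_i = k_i + e * SKM_i mod Q.
    Each party uses only its own share; the full SKM is never assembled."""
    return (nonce + _challenge(r, pk, msg) * share) % Q


def two_party_sign(skm1: int, skm2: int, pk: int, msg: bytes) -> Tuple[int, int]:
    """Plays both parties: each contributes a nonce commitment and a component
    signature, and the merged signature is (R, s1 + s2), mirroring the
    merged-signature steps of the recovery flow.  Nonces must be fresh."""
    k1, k2 = secrets.randbelow(Q), secrets.randbelow(Q)
    r = pow(G, k1, P) * pow(G, k2, P) % P
    s1 = component_sign(skm1, k1, r, pk, msg)
    s2 = component_sign(skm2, k2, r, pk, msg)
    return r, (s1 + s2) % Q


def verify(pk: int, msg: bytes, sig: Tuple[int, int]) -> bool:
    """Standard check G^s == R * PK^e mod P against the user terminal public key."""
    r, s = sig
    return pow(G, s, P) == r * pow(pk, _challenge(r, pk, msg), P) % P


if __name__ == "__main__":
    skm = secrets.randbelow(Q)
    skm1, skm2 = split_key(skm)
    pk = public_key(skm)
    new1, new2 = update_shares(skm1, skm2)
    msg = b"constructed message"  # constructed sample input
    print("shares changed:", (new1, new2) != (skm1, skm2))
    print("public key unchanged:", public_key(combine(new1, new2)) == pk)
    print("merged signature on updated shares verifies:",
          verify(pk, msg, two_party_sign(new1, new2, pk, msg)))
    print("update rule meets the precondition:", check_update_rule(f1, f2))
    print("identity f2 meets the precondition:", check_update_rule(f1, lambda s, p: s))
```

The last line of the demo shows why the precondition is stated at all: pairing f1 with an f2 that does not cancel param changes SKM, so the public key drifts and every later merged signature fails to verify. Note also that in the recovery flow the backup party temporarily holds one share while the other party holds the second, so any party that learns both shares learns SKM outright; this is exactly why the description requires the update after an abnormal recovery.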
In addition, it should be noted that the specific embodiments described in the present specification may differ in the shape of the components, the names of the components, and the like. All equivalent or simple changes of the structure, the characteristics and the principle of the invention which are described in the patent conception of the invention are included in the protection scope of the patent of the invention. Various modifications, additions and substitutions for the specific embodiments described herein may occur to those skilled in the art without departing from the scope and spirit of the invention as defined by the accompanying claims.

Claims (11)

1. A method for recovering a private key, comprising the steps of:
while the private key is in normal operation, backing up the private key of the user terminal to obtain a first user terminal encryption private key and a second user terminal encryption private key, and storing the first user terminal encryption private key and the second user terminal encryption private key in the server and the user terminal respectively;
when the private key is abnormal, judging the abnormal condition, and selecting a replacement device of an abnormal party according to different abnormal conditions, wherein the abnormal condition comprises any one of server abnormality, user terminal abnormality or backup party abnormality;
and when the abnormality is recovered, resetting the abnormal party or generating new equipment, verifying the reset equipment or the new equipment, starting the reset equipment or the new equipment after the verification succeeds, and stopping the replacement equipment.
2. The method for recovering the private key according to claim 1, wherein the step of backing up the private key of the user terminal comprises the steps of:
randomly splitting a user terminal private key into a first user terminal private key and a second user terminal private key;
encrypting the first user terminal private key and the second user terminal private key by using the corresponding public key of the initial backup party to respectively obtain a first user terminal encryption private key and a second user terminal encryption private key;
and storing the first user terminal encryption private key into a server, and storing the second user terminal encryption private key into the user terminal.
3. The method for recovering the private key according to claim 1, wherein selecting the replacement device of the abnormal party according to different abnormal situations comprises the following steps:
judging an abnormal condition, if the abnormal condition is that the user terminal is abnormal, generating a merged signature according to the server or the initial backup party, judging the correctness of the merged signature, and setting the initial backup party as a replacement device of the user terminal;
if the abnormal condition is that the server is abnormal, generating a merged signature according to the user terminal or the initial backup party, judging the correctness of the merged signature, and setting the initial backup party as a replacement device of the server;
and if the abnormal condition is that the initial backup party is abnormal, setting a new equipment backup party, performing signature verification through the user terminal, and taking the newly set backup party as a replacement equipment after the signature verification passes.
4. The method for recovering the private key according to claim 3, wherein setting the initial backup party as a replacement device of the user terminal according to the correctness of the merged signature generated by the server or the initial backup party comprises the following steps:
the method comprises the steps that bidirectional identity authentication is carried out on an initial backup party and a server, and after a request for obtaining a first user terminal encryption private key is sent to the server, decryption is carried out to obtain the first user terminal private key;
a first component signature is obtained by using a first user terminal private key for signature and is sent to a server;
a second user terminal private key is used for signing to obtain a second component signature, and the first component signature and the second component signature are combined to obtain a combined signature;
and verifying the correctness of the merged signature, and if the verification result is correct, setting the initial backup party as a replacement device of the user terminal.
5. The method for recovering the private key according to claim 4, wherein the step of verifying the reset device or the new device comprises the steps of:
setting new equipment of a user terminal or resetting the user terminal, and sending a first user terminal private key of an initial backup party to the new equipment of the user terminal or resetting the user terminal;
signing by using the first user terminal private key in the new equipment or the reset user terminal to obtain a first component signature, and sending the first component signature to the server;
signing by using the second user terminal private key to obtain a second component signature, and combining the first component signature and the second component signature to obtain a combined signature;
and verifying the correctness of the merged signature by using the user terminal public key.
6. The method for recovering the private key according to claim 3, wherein setting the initial backup party as a replacement device of the server according to the correctness of the merged signature generated by the user terminal or the initial backup party comprises the following steps:
sending a second user terminal encrypted private key to an initial backup party, and decrypting the second user terminal encrypted private key to obtain a second user terminal private key;
signing by using a private key of a second user terminal to obtain a second component signature, and sending the second component signature to the user terminal;
acquiring a first user terminal private key, signing by using the first user terminal private key to obtain a first component signature, and combining the first component signature and a second component signature to obtain a combined signature;
and verifying the correctness of the merged signature, and if the verification result is correct, setting the initial backup party as a replacement device of the server.
7. The method for recovering the private key according to claim 6, wherein the step of verifying the reset device or the new device comprises the steps of:
setting new equipment of the server or resetting the server, and sending a second user terminal private key of the initial backup party to the new equipment of the server or the resetting server;
signing by using the first user terminal private key in the user terminal to obtain a first component signature, and sending the first component signature to the server;
according to the first component signature, signing by using the second user terminal private key in the new equipment of the server or the reset server to obtain a second component signature, and combining the first component signature and the second component signature to obtain a combined signature;
and verifying the correctness of the merged signature by using the public key of the user terminal.
8. The method for recovering the private key according to claim 3, wherein a new device backup party is set, signature verification is performed through a user terminal, and the new device backup party is used as a replacement device after the signature verification is passed, comprising the following steps:
sending a certification message containing a signature message, a signature of a newly-set backup party and a public key of the new equipment backup party to a user terminal, verifying the correctness of the electronic signature by using the public key of the newly-set backup party, and setting the new equipment backup party as a replacement equipment of an initial backup party if the verification result is correct;
if the new equipment party is used for backing up the private key of the first user terminal, the user terminal encrypts the private key of the first user terminal by using the public key of the new equipment party to form a first user terminal encryption private key, sends the first user terminal encryption private key to the server for backing up, and deletes the original first user terminal encryption private key by the server;
if the new equipment side is used for backing up the private key of the second user terminal, the user terminal sends a certification message of a newly-arranged backup side to the server, the server encrypts the private key of the second user terminal by using the public key of the newly-arranged backup side after verifying the certification message to form a second user terminal encryption private key, the second user terminal encryption private key is sent to the user terminal backup, and the user terminal deletes the original second user terminal encryption private key.
9. A method for updating a private key, applied to updating the private key after the private key recovery method according to any one of claims 1 to 8, comprising the following steps:
generating random parameters, and calculating a first user terminal updated private key and a second user terminal updated private key according to the random parameters;
encrypting the first user terminal updating private key and the second user terminal updating private key by using the initial backup party public key to respectively obtain a first user terminal updating encryption private key and a second user terminal updating encryption private key;
and sequentially replacing the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with the first user terminal updated private key, the second user terminal updated private key, the first user terminal updated encrypted private key and the second user terminal updated encrypted private key.
10. A private key recovery system, characterized by comprising a backup module, a storage distribution module, an analysis module and an update-and-stop module;
the backup module is used for backing up the private key of the user terminal when the private key normally runs to obtain a first user terminal encrypted private key and a second user terminal encrypted private key;
the storage distribution module is used for storing the first user terminal encryption private key into a server and storing the second user terminal encryption private key into a user terminal;
the analysis module is used for judging an abnormal condition when the private key is abnormal, and selecting a replacement device of an abnormal party according to different abnormal conditions, wherein the abnormal condition comprises any one of server abnormality, user terminal abnormality or backup party abnormality;
and the update-and-stop module is used for resetting the abnormal party or generating new equipment when the abnormality is recovered, verifying the reset equipment or the new equipment, starting the reset equipment or the new equipment after the verification succeeds, and stopping the replacement equipment.
11. A private key updating system is characterized by comprising an updating module, an encryption module, a signature generating module and a replacing module;
the updating module is used for generating random parameters and calculating a first user terminal updating private key and a second user terminal updating private key according to the random parameters;
the encryption module is used for encrypting the first user terminal updated private key and the second user terminal updated private key by using the initial backup party public key to respectively obtain a first user terminal updated encryption private key and a second user terminal updated encryption private key;
the replacement module is used for sequentially replacing the first user terminal private key, the second user terminal private key, the first user terminal encrypted private key and the second user terminal encrypted private key with a first user terminal updated private key, a second user terminal updated private key, a first user terminal updated encrypted private key and a second user terminal updated encrypted private key.
CN202210548541.2A 2022-05-20 2022-05-20 Private key recovery method and system and private key updating method and system Pending CN114666066A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210548541.2A CN114666066A (en) 2022-05-20 2022-05-20 Private key recovery method and system and private key updating method and system

Publications (1)

Publication Number Publication Date
CN114666066A true CN114666066A (en) 2022-06-24

Family

ID=82037480

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210548541.2A Pending CN114666066A (en) 2022-05-20 2022-05-20 Private key recovery method and system and private key updating method and system

Country Status (1)

Country Link
CN (1) CN114666066A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818753A (en) * 2019-02-28 2019-05-28 矩阵元技术(深圳)有限公司 Selecting a client is the method and apparatus that multi-client multiserver generates key
CN109861816A (en) * 2019-02-22 2019-06-07 矩阵元技术(深圳)有限公司 Data processing method and device
CN109872155A (en) * 2019-02-22 2019-06-11 矩阵元技术(深圳)有限公司 Data processing method and device
CN110225042A (en) * 2019-06-14 2019-09-10 王雪菲 The safe handling method and server of block chain wallet private key
CN110289955A (en) * 2019-06-25 2019-09-27 杭州趣链科技有限公司 A kind of key management method for serving certificate agency based on threshold cryptography model
CN110929290A (en) * 2019-12-04 2020-03-27 南京如般量子科技有限公司 Private key threshold backup, loss reporting and recovery system and method based on alliance chain
CN111355591A (en) * 2020-02-27 2020-06-30 北京数资科技有限公司 Block chain account safety management method based on real-name authentication technology
US20210092108A1 (en) * 2019-09-24 2021-03-25 Magic Labs, Inc. Non-custodial tool for building decentralized computer applications
WO2022037596A1 (en) * 2020-08-20 2022-02-24 上海万向区块链股份公司 Combined signature and signature verification method and system, and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
冯琦 et al.: "Lightweight SM2 two-party collaborative signature in the mobile Internet environment", 《计算机研究与发展》 (Journal of Computer Research and Development) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220624