Management method, apparatus and system for remotely destroying private key

A management method and technology for private keys, applied in the management field of remote destruction of private keys, can solve problems such as communication tampering, hardware cost inconvenience, and inconvenience in use.

Active Publication Date: 2017-11-21
BANKEYS TECH
View PDF8 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] In the process of research, the inventor found that the above three methods have their own disadvantages: the soft certificate is easy to use but the risk level of the digital certificate private key being stolen is relatively high, especially for untrusted running and storage environments such as mobile phones, attackers The private key of the user's digital certificate can be stolen by means of memory tracking and unauthorized access to local files; hard certificates are protected by hardware packaging technology and have high security, but there are problems such as inconvenient use and poor compatibility; The private key of the certificate is hosted on the cloud, and the private key is isolated and protected by the cloud, but it is difficult to ensure that the digital signature is operated by the user himself, and there is a business risk that the cloud can forge the digital signature
[0008] However, although hard certificates can ensure the safe generation and use of signature private keys, their hardware cost and inconvenience have been criticized, especially in today's rapid development of the mobile Internet, end users need to be easy to use and universally applicable Security software that can satisfy security without losing convenience
In this method, the calculation of the two parameters r and s of the signature is completed by two parties, so that each party does not have the complete signature verification data, because the data received by communication is not calculated by itself, so the data is not credible and graspable Signature verification data has no management (signature verification and destruction) method, so there is a barrel risk, that is, there is a possibility of tampering in communication, and there are security risks of counterfeiting and exhaustive attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Management method, apparatus and system for remotely destroying private key
  • Management method, apparatus and system for remotely destroying private key
  • Management method, apparatus and system for remotely destroying private key

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0114] refer to figure 1 , figure 1 A flow chart of an embodiment of a management method for remotely destroying private keys provided by the present invention is shown. Wherein, the client stores the first part of the private key dc, the server stores the second part of the private key ds, and the first part of the private key and the second part of the private key are jointly operated to generate an electronic signature. Including: step S110 to step S130.

[0115] In step S110, the client sends the digest e of the message to be signed and the random elliptic curve point Q to the server.

[0116] In step S120, the receiving server generates a first intermediate signature ts based on the first partial signature r, and the first partial signature r is generated based on e and Q.

[0117] In step S130, calculate the second intermediate signature tc through ts and dc, and send tc to the server; so that the server calculates the second partial signature s based on r, tc and ds,...

Embodiment 2

[0122] refer to figure 2 , figure 2 A flow chart of another embodiment of a management method for remotely destroying private keys provided by the present invention is shown. Wherein, the client stores the first part of the private key dc, the server stores the second part of the private key ds, and the first part of the private key and the second part of the private key are cooperatively operated to generate an electronic signature. The method includes: step S210 to step S220.

[0123] In step S210, the server receives the digest e of the message to be signed and the random elliptic curve point Q sent by the client, generates a first partial signature r based on e and Q, and generates a first intermediate signature ts based on r, and sends ts to to the client.

[0124] In step S220, the receiving client calculates the second intermediate signature tc based on ts and dc, calculates the second partial signature s based on r, tc and ds, and verifies e through the signature v...

Embodiment 3

[0208] refer to Figure 4 , Figure 4 It shows a management system 300 for remotely destroying private keys provided by the present invention, wherein the client stores the first part of the private key dc, the server stores the second part of the private key ds, and the first part of the private key is coordinated with the second part of the private key An electronic signature is generated after the operation, including:

[0209] The client 31 is used to send the digest e of the message to be signed and the random elliptic curve point Q to the server; the receiving server generates a first intermediate signature ts based on the first partial signature r, and the first partial signature r is generated based on e and Q ;Calculate the second intermediate signature tc through ts and dc, and send tc to the server; so that the server can calculate the second part of the signature s based on r, tc and ds, and verify it through the signature verification algorithm based on r, s and ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a management method, apparatus and system for remotely destroying a private key. A client stores a first part of the private key dc, a server side stores a second part of the private key ds, and an electronic signature is generated after cooperative calculation on the first part of the private key and the second part of the private key. The method comprises the following steps: sending a digest e and a random elliptic curve point Q by the client to the server side; receiving a first intermediate signature ts of the server side; and calculating a second intermediate signature tc through the ts and the dc, and sending the tc to the server side so that the server side can calculate a second part of the signature s and verify the e, if verification succeeds, a signature result (r, s) is sent to an authentication end for verification, and if the verification fails, the second part of the private key ds stored at the server side is destroyed. According to the invention, through the design of a key system for storing partial private keys respectively by using a client and a trusted central server and through combination with the technical means of dynamic key destruction,hacker attacks such as client-side single-point attacks, exhaustive trial and error attacks and the like are avoided.

Description

technical field [0001] The invention relates to the technical field of mobile security, in particular to a management method, device and system for remotely destroying private keys. Background technique [0002] A digital certificate refers to an electronic signature authentication certificate that complies with the "Electronic Signature Law of the People's Republic of China" and can verify that the signer and the electronic signature data have a reliable relationship in online electronic activities such as online finance, e-government or e-commerce. Digital certificates are based on asymmetric cryptography, including public keys and private keys. The public key is called the public key, and the private key is called the private key. [0003] In the prior art, the digital certificate private key storage methods mainly include the following three methods: [0004] One is a soft certificate, also known as a file certificate, and the private key of the user's digital certifica...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/08H04L29/06H04L9/30
CPCH04L9/0869H04L9/0891H04L9/0897H04L9/3066H04L63/06
Inventor 宛海加吕文华董宁周大勇赵亚新
Owner BANKEYS TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap