
A key management system, updating method, and reading method based on keystore key tree

A key management system and key update technique, applied in the field of key update and key reading methods. It addresses the problems that a flat KeyStore cannot reflect a hierarchical key management structure, that plaintext storage cannot ensure key security, and that insiders with database access may leak keys, and it achieves multi-user management of the key system and convenient hierarchical key management.

Active Publication Date: 2021-03-02
HANGZHOU BYTE INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Obviously, if the key is stored in plain text in the database, the security of the key cannot be ensured. On the one hand, the database may be hacked and its contents dumped by profit-driven attackers. On the other hand, because the key sits in the database in plain text, internal developers and back-end maintenance and management staff may also turn into insider threats under the temptation of large profits.
[0005] When the traditional KeyStore method is used to store and manage keys, there is no correlation between the keys stored in the KeyStore, so it cannot reflect a hierarchical key management structure.
Therefore, storing multiple keys requires setting up a corresponding KeyPass for each of them, and the storage and management of a large number of KeyPass values has to be assisted by a database, so the approach needs improvement.



Examples


Embodiment 1

[0056] Referring to figure 1, this embodiment provides a key management system based on a KeyStore key tree. The system includes a key tree, and the key tree includes several key layers arranged in a hierarchical topology, specifically as shown in image 3:

[0057] The key tree includes the following layers of keys:

[0058] The master key, denoted as MasterKey, is located at the highest level of the entire key tree hierarchy;

[0059] The user key, denoted as UserKey, is located in the second layer of the key tree hierarchy. It is encrypted and protected by the master key, and it is used to encrypt the keys of the branch nodes in the layer below it. Keys of this layer can be distributed by the cloud service system to cloud users, or to back-end management and maintenance personnel with different authority levels. If this layer contains multiple user keys, they are recorded as User1_Key, User2_Key, User3_Key, and so on.

[0060] The key encryption key, de...

Embodiment 2

[0088] This embodiment provides a method for updating a key, which is applied to the key management system based on the KeyStore key tree described in Embodiment 1;

[0089] It is used, when the key of the current node is updated, to update the keys of the lower-layer branch nodes corresponding to that node key. It specifically includes the following steps:

[0090] S100. First, the system randomly generates a new key;

[0091] S200. Using the original key, traverse the lower-layer node keys of this node key and read out their plaintexts;

[0092] S300. Use the new key to calculate the KeyPass of each lower-layer node key;

[0093] S400. According to the KeyPass calculated in step S300 and the Alias corresponding to each lower-layer node key, re-encrypt the lower-layer node keys and overwrite the stored keys;

[0094] S500. Encrypt the new key using the associated name Alias of the current node key and its KeyPass, and overwrite the original ciphertext of the current node key.

[0095] In order to un...

Embodiment 3

[0102] There are two situations in which a key is updated. The first is the situation in Embodiment 2 (the key system update brought about by a node key update); the second is the key system update brought about by a change of the associated name Alias of a node key.

[0103] Therefore, this embodiment provides a key update method for the second situation, which is applied to the key management system based on the KeyStore key tree described in Embodiment 1.

[0104] It is mainly used, when the associated name Alias of the current node key is updated, to update the associated names Alias of the lower-layer branch node keys corresponding to that node key. It specifically includes the following steps:

[0105] T100. Read all branch node keys with the current node key as the root node key;

[0106] T200. Correspondingly replace the associated name Alias of all branch node keys that have the current node key as their root node key;

[0107] T300. Recalculate the KeyPass of all branch no...


Abstract

The present invention relates to the technical field of secure communication, in particular to a key management system based on a KeyStore key tree, and a key update method and a reading method applied to the system. The management system includes a key tree made up of several key layers in a hierarchical topology. Each node key is provided with a key identification name, recorded as KeyName, that identifies the node key. The associated name Alias of a child node key is obtained by suffixing the associated name Alias of its parent node key with the KeyName of the child node key. The KeyPass of the child node key is KeyPass = FUN(parent node key, Alias of the child node key), where FUN is a one-way function whose input parameters are the parent node key and the associated name Alias of the child node key. The present invention facilitates key management.
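The derivation in the abstract (child Alias = parent Alias + KeyName suffix, KeyPass = FUN(parent key, child Alias)), the layer-by-layer reading method, and the key update steps S100 to S500 of Embodiment 2 can be modelled end to end. The Python below is an added example written for this page; it is not the patent's code. It assumes HMAC-SHA256 as the one-way function FUN, a "." separator when suffixing the KeyName onto the parent Alias, a master key that is held outside the KeyStore, and a small HMAC-based keystream-plus-tag construction standing in for the KeyStore's own entry encryption. All key material and the names Kek_A and the alias values are constructed for the demonstration (User1_Key and User2_Key follow the page's naming).

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ROOT_ALIAS = "MasterKey"  # KeyName of the root; the "." alias separator is an assumption


def derive_alias(parent_alias: str, key_name: str) -> str:
    """Child Alias = parent Alias suffixed with the child's KeyName."""
    return f"{parent_alias}.{key_name}"


def derive_keypass(parent_key: bytes, alias: str) -> bytes:
    """KeyPass(child) = FUN(parent key, child Alias); FUN assumed to be HMAC-SHA256."""
    return hmac.new(parent_key, alias.encode(), hashlib.sha256).digest()


def _keystream(keypass: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(keypass, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def protect(keypass: bytes, plaintext: bytes) -> bytes:
    """Stand-in for KeyStore entry encryption (a real store uses a PBE/AEAD cipher)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(keypass, nonce, len(plaintext))))
    tag = hmac.new(keypass, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(keypass: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(keypass, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong KeyPass or tampered entry")
    return bytes(c ^ k for c, k in zip(ct, _keystream(keypass, nonce, len(ct))))


class KeyTree:
    """KeyStore entries are (Alias -> protected key); the master key is kept outside (assumed)."""

    def __init__(self, master_key: bytes):
        self.master = master_key
        self.store: dict[str, bytes] = {}
        self.children: dict[str, list[str]] = {ROOT_ALIAS: []}

    def add_child(self, parent_key: bytes, parent_alias: str, key_name: str, child_key: bytes) -> str:
        alias = derive_alias(parent_alias, key_name)
        self.store[alias] = protect(derive_keypass(parent_key, alias), child_key)
        self.children[parent_alias].append(alias)
        self.children[alias] = []
        return alias

    def read_by_path(self, key_names: list[str]) -> bytes:
        """Reading method: start from the master key and unlock one layer at a time."""
        key, alias = self.master, ROOT_ALIAS
        for name in key_names:
            alias = derive_alias(alias, name)
            key = unprotect(derive_keypass(key, alias), self.store[alias])
        return key

    def update_node_key(self, parent_key: bytes | None, alias: str) -> bytes:
        """Embodiment 2, steps S100-S500: rotate one node key and re-protect its direct children.
        Grandchildren need no rewrite: their KeyPass depends on the (unchanged) child key."""
        if parent_key is None:                      # rotating the master key itself
            old_key = self.master
        else:
            keypass_cur = derive_keypass(parent_key, alias)
            old_key = unprotect(keypass_cur, self.store[alias])
        new_key = secrets.token_bytes(32)                                              # S100
        for child in self.children[alias]:
            child_plain = unprotect(derive_keypass(old_key, child), self.store[child])   # S200
            self.store[child] = protect(derive_keypass(new_key, child), child_plain)     # S300/S400
        if parent_key is None:
            self.master = new_key
        else:
            self.store[alias] = protect(keypass_cur, new_key)                          # S500
        return new_key


def build_demo_tree() -> tuple[KeyTree, dict[str, bytes]]:
    """Constructed sample: MasterKey -> {User1_Key -> Kek_A, User2_Key}."""
    tree = KeyTree(secrets.token_bytes(32))
    keys = {n: secrets.token_bytes(32) for n in ("User1_Key", "User2_Key", "Kek_A")}
    u1 = tree.add_child(tree.master, ROOT_ALIAS, "User1_Key", keys["User1_Key"])
    tree.add_child(tree.master, ROOT_ALIAS, "User2_Key", keys["User2_Key"])
    tree.add_child(keys["User1_Key"], u1, "Kek_A", keys["Kek_A"])
    return tree, keys


if __name__ == "__main__":
    tree, keys = build_demo_tree()
    print("Kek_A readable:", tree.read_by_path(["User1_Key", "Kek_A"]) == keys["Kek_A"])
    tree.update_node_key(tree.master, "MasterKey.User1_Key")
    print("Kek_A still readable after User1_Key rotation:",
          tree.read_by_path(["User1_Key", "Kek_A"]) == keys["Kek_A"])
```

The point worth checking is the scope of a rotation: because each KeyPass is bound to the parent key and the child's alias, rotating User1_Key only forces a rewrite of its direct children, while Kek_A's own plaintext and every entry below it stay as they are and remain readable along the path from the new master key.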

Description

Technical field

[0001] The invention relates to the technical field of secure communication, in particular to a key management system based on a KeyStore key tree, and a key updating method and a reading method applied to the system.

Background technique

[0002] With the rapid development of the Internet of Things, the key security parameters of more and more IoT terminal devices and edge platforms (such as the key used by a terminal for access authentication, the private key and certificate information used by an edge platform for identification, user-sensitive data, and so on) need to be stored in the IoT cloud server for easy management, so the cloud server needs to provide keystore management services. In many cases these key security parameters are stored in the server database in plain text.

[0003] KeyStore is a keystore file provided by Java, which is often used to encrypt and store keys on cloud servers to prevent unauthorized access. Typ...

Claims


Application Information

Patent type & authority: Patents (China)
IPC (8): H04L29/06; H04L9/08
CPC: H04L9/0836; H04L9/0869; H04L9/0894; H04L63/0428; H04L63/06
Inventors: 刘志强, 毛伟信
Owner: HANGZHOU BYTE INFORMATION TECH CO LTD