The invention provides an identity-based closed key management method and system. The method comprises the following steps: 1, when a user logs in, an identity authentication request is submitted to an identity authentication server, which returns a user token upon successful identity authentication; 2, when the user requires an encryption/decryption service, the token and the user data are submitted to an encryption/decryption service module; 3, the encryption/decryption service module submits the user token to a key management server and requests the user's data key; 4, the key management server asks the identity authentication server to verify the validity of the token and, upon successful verification, looks up the user data key ciphertext by the user ID; 5, the key management server decrypts the ciphertext to obtain the user data key plaintext and returns it to the encryption/decryption service module; and 6, the encryption/decryption service module encrypts or decrypts the user data with the user data key and returns the result. The system comprises the identity authentication server, the key management server, a hardware security module, and the encryption/decryption service module.
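The following is an added worked example, written for this page and not taken from the patent, that simulates the six-step flow with all four components in one Python process. Everything beyond the abstract is an assumption and is marked as such in the code: the hardware security module is modelled as holding a key-encryption key that wraps each user's data key (the abstract names the HSM but does not state its role); the user token is an HMAC-signed JSON claim set with an expiry; the encryption primitive is a toy HMAC-SHA256 encrypt-then-MAC construction standing in for AES-GCM, which the standard library lacks; and the user names, passwords and sample record are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def aead_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC over HMAC-SHA256 standing in for AES-GCM (absent from the stdlib).
    Output layout: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def aead_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class IdentityAuthServer:
    """Step 1 issues an HMAC-signed token at login; step 4 verifies it on the KMS's behalf."""
    def __init__(self, passwords: dict):
        self._passwords = passwords  # constructed sample store; a real server stores hashes
        self._token_key = secrets.token_bytes(32)  # assumed: token MAC key kept by the auth server
    def login(self, user_id: str, password: str, ttl: int = 300) -> str:
        if not hmac.compare_digest(self._passwords.get(user_id, "").encode(), password.encode()):
            raise PermissionError("login failed")
        claims = {"uid": user_id, "exp": time.time() + ttl, "nonce": secrets.token_hex(8)}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return payload + "." + hmac.new(self._token_key, payload.encode(), hashlib.sha256).hexdigest()
    def verify_token(self, token: str):  # -> user ID, or None if the token is invalid or expired
        payload, _, tag = token.partition(".")
        expected = hmac.new(self._token_key, payload.encode(), hashlib.sha256).hexdigest()
        if not tag or not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
        return claims["uid"] if claims["exp"] > time.time() else None

class HardwareSecurityModule:
    """Assumed role of the HSM: holds the key-encryption key, which never leaves it."""
    def __init__(self):
        self._kek = secrets.token_bytes(32)
    def wrap(self, data_key: bytes) -> bytes:
        return aead_encrypt(self._kek, data_key)
    def unwrap(self, wrapped: bytes) -> bytes:
        return aead_decrypt(self._kek, wrapped)

class KeyManagementServer:
    """Steps 3 to 5: holds only wrapped user data keys, indexed by user ID."""
    def __init__(self, auth: IdentityAuthServer, hsm: HardwareSecurityModule):
        self._auth, self._hsm, self._wrapped = auth, hsm, {}
    def provision_user_key(self, user_id: str) -> None:
        self._wrapped[user_id] = self._hsm.wrap(secrets.token_bytes(32))
    def get_user_data_key(self, token: str) -> bytes:
        user_id = self._auth.verify_token(token)  # step 4: validity checked by the auth server
        if user_id is None:
            raise PermissionError("invalid or expired token")
        return self._hsm.unwrap(self._wrapped[user_id])  # step 5: plaintext key to the service

class EncryptionService:
    """Steps 2 and 6: fetches the caller's key per request and uses it for that operation only."""
    def __init__(self, kms: KeyManagementServer):
        self._kms = kms
    def encrypt(self, token: str, data: bytes) -> bytes:
        return aead_encrypt(self._kms.get_user_data_key(token), data)
    def decrypt(self, token: str, blob: bytes) -> bytes:
        return aead_decrypt(self._kms.get_user_data_key(token), blob)

def _rejected(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False

def run_demo() -> dict:
    """Constructed end-to-end run; returns the outcomes so they can be checked."""
    auth = IdentityAuthServer({"alice": "correct horse", "bob": "battery staple"})
    kms = KeyManagementServer(auth, HardwareSecurityModule())
    svc = EncryptionService(kms)
    for uid in ("alice", "bob"): kms.provision_user_key(uid)
    alice, bob = auth.login("alice", "correct horse"), auth.login("bob", "battery staple")
    blob = svc.encrypt(alice, b"patient record 42")
    forged = alice[:-1] + ("0" if alice[-1] != "0" else "1")  # corrupt the token's MAC
    return {
        "roundtrip": svc.decrypt(alice, blob),
        "cross_user_rejected": _rejected(lambda: svc.decrypt(bob, blob), ValueError),
        "forged_token_rejected": _rejected(lambda: svc.decrypt(forged, blob), PermissionError),
    }
```

Two points the simulation makes visible. The key management server never stores a data key in the clear: it keeps only the ciphertext produced by the HSM's key-encryption key, and step 4 gates the unwrap on the authentication server's verdict, so a forged token never reaches the lookup. The flip side, inherent in step 5 as the abstract describes it, is that the plaintext data key does leave the KMS for the encryption/decryption service module, which therefore sits inside the trust boundary; a deployment should keep that key in memory only for the duration of the single operation, as the service class above does by fetching it per call.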