Private key management method and apparatus for bastion host

A private key management technology for bastion hosts, applied in the computer field, which addresses the security risk of storing the bastion host's private key locally and achieves the effect of improved security.

Active Publication Date: 2017-09-19
BEIJING QIYI CENTURY SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a bastion host private key management method and device to solve the problem of potential safety hazards in the storage of the bastion host private key in the prior art.



Examples


Embodiment 1

[0025] Referring to Figure 1, which shows a flow chart of the steps of a bastion host private key management method according to Embodiment 1 of the present invention.

[0026] The bastion host private key management method of this embodiment of the present invention comprises the following steps:

[0027] Step 101: when the bastion host starts, obtain the first private key parameter set in the process file of the bastion host.

[0028] The first private key parameter includes a first shared key decryption code. The first private key parameter is preset in the process file of the bastion host. In this embodiment of the present invention it is assumed that the first private key parameter has already been set in the process file of the bastion host and that the second private key parameter has already been set in the private key management platform. The first private key parameter and the second private key parameter may be generated by the bastion host, or may ...

Embodiment 2

[0040] Referring to Figure 2, which shows a flow chart of the steps of a bastion host private key management method according to Embodiment 2 of the present invention.

[0041] The bastion host private key management method of this embodiment of the present invention specifically includes the following steps:

[0042] Step 201: generate the first private key parameter and the second private key parameter, and add the first private key parameter to the process file of the bastion host and the second private key parameter to the private key management platform, respectively.

[0043] The first private key parameter includes, but is not limited to: the first shared key decryption code, the domain name of the private key management platform, and the bastion host ID. The second private key parameter includes: a second shared key decryption code, a ciphertext private key, and a private key encryption algorithm.

[0044] A preferred method of generating and uploading th...

Embodiment 3

[0067] Referring to Figure 3, which shows a schematic structural diagram of a bastion host private key management device according to Embodiment 3 of the present invention.

[0068] The bastion host private key management device of this embodiment of the present invention includes:
  • a first acquisition module 301, used to acquire the first private key parameter set in the bastion host process file when the bastion host is started, wherein the first private key parameter includes the first shared key decryption code;
  • a second acquisition module 302, configured to obtain the second private key parameter from the private key management platform, wherein the second private key parameter includes the second shared key decryption code, the ciphertext private key and the private key encryption algorithm;
  • a calculation module 303, used to calculate the first shared key decryption code and the second shared key decryption code according to the shared key algorithm to obtain th...


Abstract

The invention provides a private key management method and apparatus for a bastion host. The private key management method for a bastion host includes the steps: when the bastion host is started, acquiring a first private key parameter in a bastion host process file, wherein the first private key parameter includes a first sharing key decryption password; acquiring a second private key parameter from a private key management platform, wherein the second private key parameter includes a second sharing key decryption password, a cryptograph private key and a private key encryption algorithm; according to the sharing key algorithm, calculating the first sharing key decryption password and the second sharing key decryption password, and obtaining the decryption key; and according to the private key encryption algorithm and the decryption key, decrypting the cryptograph private key, and obtaining a bastion host private key. The private key management method for a bastion host can improve storage safety of the bastion host private key.
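The start-up recovery path described in the abstract (and the two-parameter split of Embodiment 2), written out as an added example in Go; this is not code from the patent or its owner. The page does not name the "sharing key algorithm" or the "private key encryption algorithm", so XOR of two equal-length 32-byte shares and AES-256-GCM are assumed here, and the platform's three values are passed as plain arguments.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// combineShares is the assumed "shared key algorithm": XOR of two equal-length
// shares, so neither the process file nor the platform alone holds the real key.
func combineShares(a, b []byte) ([]byte, error) {
	if len(a) == 0 || len(a) != len(b) {
		return nil, errors.New("share length mismatch")
	}
	k := make([]byte, len(a))
	for i := range a {
		k[i] = a[i] ^ b[i]
	}
	return k, nil
}

// newGCM is the assumed "private key encryption algorithm" (AES-GCM).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// RecoverPrivateKey is the start-up path: shareA is read from the process file;
// shareB, ciphertext (nonce prepended) and algorithm come from the platform.
func RecoverPrivateKey(shareA, shareB, ciphertext []byte, algorithm string) ([]byte, error) {
	if algorithm != "AES-256-GCM" || len(shareA) != 32 {
		return nil, errors.New("unsupported algorithm or share size")
	}
	key, err := combineShares(shareA, shareB) // the decryption key
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	// A wrong share or a tampered ciphertext fails GCM authentication here.
	return gcm.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}
```

The decryption key exists only in process memory after `combineShares`; an attacker who copies the process file alone, or dumps the platform alone, holds one share and the ciphertext at most.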

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for managing a bastion host private key.

Background technique

[0002] A bastion host is a security audit system that has undergone a degree of security hardening and can resist certain attacks. Its main function is to audit and control terminal operations on servers in the production environment and to provide terminals with single sign-on.

[0003] Terminals log in to production environment servers through the bastion host using the SSH (Secure Shell) protocol. The bastion host uses key-based login, and password login is disabled. The bastion host has a public key and a private key: the public key is published to each production environment server, and the private key is stored locally on the bastion host. Since the private key of the bastion host is the only credential f...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L9/08
CPC: H04L9/0822, H04L9/083, H04L9/0894
Inventor 吴岩
Owner BEIJING QIYI CENTURY SCI & TECH CO LTD