Private key protection method, system and device based on key updating

A key-update and private-key technology, applied in the field of private key protection based on key update, that addresses the high risk of digital certificate private key theft, the difficulty of ensuring digital signatures, and poor compatibility.

Active Publication Date: 2017-10-27
吕文华

AI Technical Summary

Problems solved by technology

[0007] In the course of research, the inventor found that each of the above three methods has its own disadvantages. The soft certificate is easy to use, but the risk of the digital certificate private key being stolen is relatively high, especially in untrusted running and storage environments such as mobile phones, where attackers can steal the private key of the user's digital certificate by means of memory tracking and unauthorized access to local files. Hard certificates are protected by hardware packaging technology and have high security, but they are inconvenient to use and have poor compatibility. When the private key of the certificate is hosted on the cloud, the private key is isolated and protected by the cloud, but it is difficult to ensure that the digital signature is performed by the user himself, and there is a business risk that the cloud can forge the digital signature.

[0008] However, although hard certificates can ensure the safe generation and use of signature private keys, their hardware cost and inconvenience have been criticized. Especially with today's rapid development of the mobile Internet, end users need security software that is easy to use and universally applicable, and that provides security without losing convenience.



Examples


Embodiment 1

[0113] Referring to Figure 1, Figure 1 shows a flow chart of an embodiment of a private key protection method based on key update provided by the present invention. The first communication terminal stores the first part of the private key, the second communication terminal stores the second part of the private key, and an electronic signature is generated through cooperative operation of the first part and the second part of the private key. This embodiment describes the first communication terminal side. The method includes steps S110 to S120.

[0114] In step S110, the first communication terminal sends the update parameter it has generated, which has an inverse element, to the second communication terminal.

[0115] In step S120, after the first communication terminal receives the prompt message, fed back by the second communication terminal, that the second part of the private key has been successfully updated through the update parameter or its inverse element...

Embodiment 2

[0126] Referring to Figure 2, Figure 2 shows a flow chart of an embodiment of a private key protection method based on key update provided by the present invention. The first communication terminal stores the first part of the private key, the second communication terminal stores the second part of the private key, and an electronic signature is generated through cooperative operation of the first part and the second part of the private key. This embodiment describes the second communication terminal side. The method includes step S210.

[0127] In step S210, the second communication terminal receives the update parameter, which has an inverse element, generated and sent by the first communication terminal, updates the second part of the private key through the update parameter or its inverse element, and sends the prompt message of successful update to the first communication terminal, so that after receiving the p...

Embodiment 3

[0198] Referring to Figure 4, Figure 4 shows a private key protection system 300 based on key update provided by the present invention, in which the first communication terminal stores the first part of the private key, the second communication terminal stores the second part of the private key, and an electronic signature is generated through cooperative operation of the first part and the second part of the private key. The system includes:

[0199] The first communication terminal 31, which is used to send the update parameter it has generated, which has an inverse element, to the second communication terminal; and, after receiving the prompt message fed back by the second communication terminal that the second part of the private key has been successfully updated through the update parameter or its inverse element, to update the first part of the private key with the inverse element corresponding to whichever of the update parameter or its inverse element the second communication terminal used.

...


Abstract

The invention provides a private key protection method, system and device based on key updating. A first part of the private key is stored at a first communication end, a second part of the private key is stored at a second communication end, and electronic signatures are generated through cooperative operation of the first part and the second part of the private key. The method comprises the following steps: the first communication end sends the update parameter it has generated, which has an inverse element, to the second communication end; after the first communication end receives the prompt message, fed back by the second communication end, that the second part of the private key has been successfully updated through the update parameter or its inverse element, it updates the first part of the private key through the update parameter used at the second communication end or the inverse element corresponding to that update parameter. By combining a key system design in which the private key is stored at the two communication ends separately with the technical means of dynamic key updating, attacks by hackers against the client as a single point, such as the bucket effect and exhaustive trial and error, are avoided, the business risk that digital signatures are counterfeited by a server is avoided, and convenience of use is improved.
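A minimal sketch of the update round described above, added here as an illustration and not taken from the patent. It assumes the two parts are multiplicative shares modulo a prime `Q` (a constructed stand-in), and that the second end applies the update parameter `r` while the first end applies its inverse; all class and function names are hypothetical.

```python
import secrets

# Assumption: the parts are multiplicative shares modulo a prime Q, so the
# signing key is d1 * d2 mod Q. Q is a constructed stand-in (2**127 - 1),
# not a parameter taken from the patent.
Q = 2**127 - 1

def random_unit(low=1):
    """Random element of [low, Q-1]; every nonzero element has an inverse."""
    return secrets.randbelow(Q - low) + low

class SecondTerminal:
    def __init__(self, share):
        self.share = share              # second part of the private key

    def handle_update(self, r):
        """S210: update with r, return True as the success prompt."""
        if not isinstance(r, int) or not 0 < r < Q:
            return False                # no inverse exists: refuse
        self.share = (self.share * r) % Q
        return True

class FirstTerminal:
    def __init__(self, share):
        self.share = share              # first part of the private key

    def refresh(self, peer):
        r = random_unit(2)              # S110: r != 1 so the shares change
        if not peer.handle_update(r):   # no success prompt: keep old share
            return False
        # S120: apply the inverse of the parameter the peer used.
        self.share = (self.share * pow(r, -1, Q)) % Q
        return True

def combined_key(t1, t2):
    """Check helper only; the scheme never brings the parts together."""
    return (t1.share * t2.share) % Q

def demo():
    d1, d2 = random_unit(), random_unit()
    t1, t2 = FirstTerminal(d1), SecondTerminal(d2)
    before = combined_key(t1, t2)
    ok = t1.refresh(t2)
    unchanged = combined_key(t1, t2) == before
    # A copy of the first part taken before the update no longer pairs
    # with the second terminal's current part.
    stale_still_valid = (d1 * t2.share) % Q == before
    return ok, unchanged, stale_still_valid
```

The combined key is invariant across the round while each stored part changes, which is what limits the value of a part copied from one end before an update.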

Description

Technical field

[0001] The present invention relates to the technical field of mobile security, in particular to a private key protection method, system and device based on key update.

Background technique

[0002] A digital certificate refers to an electronic signature authentication certificate that complies with the "Electronic Signature Law of the People's Republic of China" and can verify that the signer and the electronic signature data have a reliable relationship in online electronic activities such as online finance, e-government or e-commerce. Digital certificates are based on asymmetric cryptography, including public keys and private keys. The public key is called the public key, and the private key is called the private key.

[0003] In the prior art, the digital certificate private key storage methods mainly include the following three methods:

[0004] One is a soft certificate, also known as a file certificate, and the private key of the user's digital certif...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L9/30, H04L9/08
CPC: H04L9/085, H04L9/0869, H04L9/0891, H04L9/3066, H04L9/3249
Inventor: 宛海加, 吕文华, 董宁, 周大勇, 刘学波
Owner: 吕文华