Method and system for achieving secret key generation and protection through cloud and terminal three-power separation

A key-generation technology based on separation of powers, applied in the field of information security. It addresses the difficulty users have in establishing trust in SaaS service providers, and aims to reduce the risk of attack and improve the security of user keys.

Active Publication Date: 2017-11-10
北京信任度科技有限公司



Examples


Embodiment 1

[0052] A method of the present invention for key generation and protection through separation of three powers between cloud and terminal: the mobile terminal, the SaaS server and the third-party cryptographic server jointly generate a user key, and when the key is used the three parties compute jointly while each remains independent, so that they mutually constrain and cooperate with one another to improve the overall security of the user key. The method includes the following steps:

[0053] (1) Key generation: the mobile terminal, the SaaS server and the third-party cryptographic server jointly generate an SM2 key;

[0054] (2) Key storage: the mobile terminal's key fragment is protected by a combination of measures, namely a TEE/SE, binding to the device hardware, fingerprint or face biometrics, a password, and app hardening; the SaaS server and the third-party cryptographic server each store their own key fragment securely using the cloud cryptographic machine (cloud HSM);

[0055] (3) Key usage: after the user ...

Embodiment 2

[0057] A method of the present invention for key generation and protection through separation of three powers between cloud and terminal: the mobile terminal, the SaaS server and the third-party cryptographic server jointly generate a user key, and when the key is used the three parties compute jointly while each remains independent, so that they mutually constrain and cooperate with one another to improve the overall security of the user key. The method includes the following steps:

[0058] (1) Key generation: the mobile terminal, the SaaS server and the third-party cryptographic server jointly generate an SM2 key; as shown in Figure 2, this includes the following steps:

[0059] ①. The mobile terminal generates a random number d1, d1 = MobileGenRand(); computes the intermediate data p1 from d1, p1 = Encode(d1); encrypts p1 with the public key or certificate of the SaaS server to obtain p1', p1' = Encrypt(p1, SaaSPubKey); and sends p1' to the SaaS server;

[0060] ②. The...

Embodiment 3

[0083] As shown in Figure 1, a system of the present invention for key generation and protection through separation of three powers between cloud and terminal includes a mobile terminal, a SaaS server, a third-party cryptographic server and a cloud cryptographic machine (cloud HSM). The mobile terminal generates, securely stores and uses the mobile-terminal key fragment; the SaaS server generates, securely stores and uses the SaaS-server key fragment and provides an API for its use; the third-party cryptographic server generates, securely stores and uses the third-party key fragment; and the cloud cryptographic machine provides random-number generation and the encryption and decryption of key fragments for the SaaS server and the third-party cryptographic server.



Abstract

The invention discloses a method and system for key generation and protection through separation of three powers between cloud and terminal, and belongs to the technical field of information security. The invention addresses the technical problem of how to improve the security of a user's key. The technical scheme is as follows: a mobile terminal, a SaaS server and a third-party cryptographic server jointly generate an SM2 key; the mobile terminal, the SaaS server and the third-party cryptographic server each store their own key fragment; after the user completes authentication on the mobile terminal, the mobile terminal, the SaaS server and the third-party cryptographic server each compute a result from their own key fragment, and a second-stage calculation over these results produces the final result. The system comprises the mobile terminal, the SaaS server, the third-party cryptographic server and a cloud cryptographic machine (cloud HSM).

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a method and system for key generation and protection through separation of three powers between cloud and terminal.

Background art

[0002] Mobile informatization refers to making management, business and services mobile, informatized, electronic and networked, so as to provide society with efficient, high-quality, standardized, transparent, timely and electronically interactive all-round management and services.

[0003] SaaS is the abbreviation of Software-as-a-Service. With the development of Internet technology and the maturation of application software, a completely new software application model began to emerge in the 21st century. Its meaning is similar to that of "on-demand software"; the application service provider (ASP, application servi...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L9/08
CPC: H04L9/0825, H04L9/085, H04L9/0866, H04L9/0869
Inventor: 马臣云
Owner: 北京信任度科技有限公司