CN110492989B - Private key processing method, access method, and medium and device corresponding to method - Google Patents

Info

Publication number
CN110492989B
Authority
CN
China
Prior art keywords
private key
user
verified
key
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910785886.8A
Other languages
Chinese (zh)
Other versions
CN110492989A (en
Inventor
林正显
李静伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huaduo Network Technology Co Ltd
Priority to CN202010799914.4A (patent CN111934862B)
Priority to CN201910785886.8A (patent CN110492989B)
Publication of CN110492989A
Application granted
Publication of CN110492989B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a private key processing method, an access method, and a medium and a device corresponding to the methods. A digest operation is performed on a user private key to obtain a private key digest corresponding to the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys. The user private key is encrypted with the key of the user to obtain an encrypted private key of the user, and the encrypted private key of the user is combined with the private key digest corresponding to the user private key to obtain the encrypted data of the user private key. Because the private key digest obtained in this application corresponds to a plurality of different private keys, even if a malicious user finds a private key whose digest is consistent with the private key digest corresponding to the user private key, that private key is not necessarily the real private key of the user, which reduces the risk that a malicious user cracks the real private key of the user.

Description

Private key processing method, access method, and medium and device corresponding to method
Technical Field
The present invention relates to the field of information encryption technologies, and in particular, to a private key processing method, an access method, and a medium and an apparatus corresponding to the method.
Background
In the prior art, the client generally needs to keep an encrypted backup of the private key of the user. At present, one method for encrypting a private key of a user is as follows: a key of the user is generated from the encryption password input by the user, and the key is used to encrypt the user private key and the private key digest corresponding to the user private key, yielding the encrypted data of the user private key. The private key digest corresponding to the user private key is obtained by performing a digest operation on the user private key.
If the user wants to retrieve the private key, the user inputs the encryption password to the client; the client generates a key from the encryption password of the user and uses it to decrypt the stored encrypted data of the user private key, obtaining a private key and a private key digest. A digest operation is then performed on the decrypted private key, and the digest obtained by this operation is compared with the private key digest obtained after decryption, so as to verify whether the encryption password input by the user is correct. If the two are consistent, the encryption password provided by the user is considered to be correct, and the private key of the user can be sent to the user.
However, in the process of verifying whether the encryption password provided by the user is correct, a malicious user may try passwords in order to obtain one that is successfully verified. Since each private key digest corresponds to almost exactly one private key, the private key decrypted with a successfully verified encryption password is most likely the true private key of the user, so there is a risk that a malicious user cracks the true private key of the user.
Disclosure of Invention
In view of the above defects of the prior art, the application provides a private key processing method, an access method, and a medium and a device corresponding to the methods, so as to reduce the risk of a malicious user cracking the private key of the user.
A first aspect of the invention discloses a private key processing method, which is applied to a client and comprises the following steps:
performing a digest operation on a user private key to obtain a private key digest corresponding to the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys;
encrypting the user private key by using a key of the user to obtain an encrypted private key of the user;
and combining the encrypted private key of the user and the private key digest corresponding to the user private key to obtain the encrypted data of the user private key.
Optionally, in the private key processing method, performing the digest operation on the user private key to obtain the private key digest corresponding to the user private key includes:
performing the digest operation on the user private key by using a digest function whose collision rate is higher than a threshold, to obtain the private key digest corresponding to the user private key.
Optionally, in the private key processing method, performing the digest operation on the user private key by using a digest function whose collision rate is higher than a threshold to obtain the private key digest corresponding to the user private key includes:
calculating on the user private key by using the formula hash(x) = x % N to obtain the private key digest corresponding to the user private key;
wherein x is the user private key; N is a positive integer; hash(x) is the private key digest corresponding to the user private key.
Optionally, in the private key processing method, after combining the encrypted private key of the user and the private key digest corresponding to the user private key to obtain the encrypted data of the user private key, the method further includes:
receiving a retrieval request for the user private key, wherein the retrieval request carries an encryption password to be verified;
performing a hash operation on the encryption password to be verified to obtain a key to be verified;
decrypting the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain a private key to be verified;
performing a digest operation on the private key to be verified to obtain a private key digest to be verified;
and if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key, presenting the user private key to the user.
A second aspect of the present invention discloses a server access method, which is applied to a client and includes:
sending a login request of a user to a server; the login request of the user carries original data and signature data; the original data comprises identification information of the user and a private key digest corresponding to a user private key; the private key digest corresponding to the user private key is obtained by performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys; and the signature data is obtained by the client by using the user private key to sign the original data.
A third aspect of the invention discloses a server access method, which is applied to a server and comprises the following steps:
receiving a login request of a user sent by a client; the login request of the user carries original data and signature data; the original data comprises identification information of the user and a private key digest corresponding to a user private key; the private key digest corresponding to the user private key is obtained by performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys; the signature data is obtained by the client by using the user private key to sign the digest data of the original data;
verifying whether the login request is legal by using the original data and a public key of the user uploaded by the client in advance;
if the login request is illegal, judging whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance; the private key digest uploaded by the client in advance is obtained by the client performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys;
and if the private key digest corresponding to the user private key carried by the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance, sending reminding information to the legal user of the user private key, wherein the reminding information indicates that the user private key of the legal user is at risk of being illegally cracked.
Optionally, in the server access method, verifying whether the login request is legal by using the public key of the user uploaded by the client in advance and the original data includes:
verifying the signature data by using the public key of the user uploaded by the client in advance;
if the signature verification passes, the login request is determined to be legal;
and if the signature verification fails, the login request is determined to be illegal.
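The server-side decision described in this aspect, as an added example (not code from the patent): a request whose signature fails but whose private key digest matches the stored one triggers a reminder to the key's owner. The textbook-RSA toy key, the digest modulus of 10, the request field names and the `Server` class are assumptions constructed for illustration.

```python
import hashlib

# Constructed textbook-RSA toy key (p=61, q=53); far too small for real use.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753
DIGEST_N = 10  # modulus of the private key digest hash(x) = x % N (assumed value)


def key_digest(private_exponent: int) -> int:
    """Collision-prone digest of the private key, hash(x) = x % N."""
    return private_exponent % DIGEST_N


def original_data(user_id: str, digest: int) -> bytes:
    """Original data: user identification plus the private key digest."""
    return f"{user_id}|{digest}".encode()


def representative(data: bytes, n: int) -> int:
    """Digest data of the original data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_exponent: int, n: int) -> int:
    return pow(representative(data, n), private_exponent, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == representative(data, n)


def build_login(user_id: str, private_exponent: int) -> dict:
    """Client side: attach the key digest and sign the original data."""
    digest = key_digest(private_exponent)
    data = original_data(user_id, digest)
    return {"user_id": user_id, "key_digest": digest,
            "signature": sign(data, private_exponent, RSA_N)}


class Server:
    def __init__(self):
        self.users = {}    # user_id -> (public key, digest uploaded in advance)
        self.alerts = []   # users who were sent reminding information

    def register(self, user_id: str, public_key, digest: int) -> None:
        self.users[user_id] = (public_key, digest)

    def handle_login(self, request: dict) -> str:
        record = self.users.get(request["user_id"])
        if record is None:
            return "rejected"
        public_key, stored_digest = record
        data = original_data(request["user_id"], request["key_digest"])
        if verify(data, request["signature"], public_key):
            return "legal"
        # Illegal request: a matching digest suggests the sender holds a key
        # that passed the client-side digest check, so warn the real owner.
        if request["key_digest"] == stored_digest:
            self.alerts.append(request["user_id"])
            return "alert_owner"
        return "rejected"  # assumed handling when the digest does not match


if __name__ == "__main__":
    server = Server()
    server.register("alice", (RSA_N, RSA_E), key_digest(RSA_D))
    print(server.handle_login(build_login("alice", RSA_D)))   # real key
    decoy = RSA_D + DIGEST_N   # different key, same digest as the real one
    print(server.handle_login(build_login("alice", decoy)), server.alerts)
```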
A fourth aspect of the present invention discloses a private key processing apparatus, where the private key processing apparatus is a client, and the client includes:
a first computing unit, configured to perform a digest operation on a user private key to obtain a private key digest corresponding to the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys;
an encryption unit, configured to encrypt the user private key by using a key of the user to obtain an encrypted private key of the user;
and a combination unit, configured to combine the encrypted private key of the user and the private key digest corresponding to the user private key to obtain the encrypted data of the user private key.
Optionally, in the private key processing apparatus, the first computing unit includes:
a first calculating subunit, configured to perform the digest operation on the user private key by using a digest function whose collision rate is higher than a threshold, to obtain the private key digest corresponding to the user private key.
Optionally, in the private key processing apparatus, the first calculating subunit includes:
a second calculating subunit, configured to calculate on the user private key by using the formula hash(x) = x % N, to obtain the private key digest corresponding to the user private key;
wherein x is the user private key; N is a positive integer; hash(x) is the private key digest corresponding to the user private key.
Optionally, the private key processing apparatus further includes:
a receiving unit, configured to receive a retrieval request for the user private key, wherein the retrieval request carries an encryption password to be verified;
a second computing unit, configured to perform a hash operation on the encryption password to be verified to obtain a key to be verified;
a decryption unit, configured to decrypt the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain a private key to be verified;
a third calculating unit, configured to perform a digest operation on the private key to be verified to obtain a private key digest to be verified;
and a prompting unit, configured to present the user private key to the user if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key.
A fifth aspect of the present invention discloses a server access device, where the server access device is a client, and the client includes:
a sending unit, configured to send a login request of a user to a server; the login request of the user carries original data and signature data; the original data comprises identification information of the user and a private key digest corresponding to a user private key; the private key digest corresponding to the user private key is obtained by performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys; and the signature data is obtained by the client by using the user private key to sign the original data.
A sixth aspect of the present invention discloses a server access device, where the server access device is a server, and the server includes:
a receiving unit, configured to receive a login request of a user sent by a client; the login request of the user carries original data and signature data; the original data comprises identification information of the user and a private key digest corresponding to a user private key; the private key digest corresponding to the user private key is obtained by performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys; the signature data is obtained by the client by using the user private key to sign the digest data of the original data;
a verification unit, configured to verify whether the login request is legal by using the original data and the public key of the user uploaded by the client in advance;
a judging unit, configured to judge, if the login request is illegal, whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance; the private key digest uploaded by the client in advance is obtained by the client performing a digest operation on the user private key; the private key digest corresponding to the user private key corresponds to a plurality of different private keys;
and a reminding unit, configured to send reminding information to the legal user of the user private key if the private key digest corresponding to the user private key carried by the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance, wherein the reminding information indicates that the user private key of the legal user is illegally cracked.
Optionally, in the server access device, the verification unit includes:
a signature verification unit, configured to verify the signature data by using the public key of the user uploaded by the client in advance; if the signature verification passes, the login request is determined to be legal; and if the signature verification fails, the login request is determined to be illegal.
A seventh aspect of the invention discloses a computer readable medium on which a computer program is stored, wherein the program, when executed by a processor, implements the private key processing method according to any one of the implementations of the first aspect, the server access method according to the second aspect, or the server access method according to any one of the implementations of the third aspect.
An eighth aspect of the present invention discloses an electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the private key processing method according to any one of the implementations of the first aspect, the server access method according to the second aspect, or the server access method according to any one of the implementations of the third aspect.
According to the above technical scheme, the private key processing method is applied to a client: a digest operation is performed on the user private key to obtain the private key digest corresponding to the user private key, and this private key digest corresponds to a plurality of different private keys. The user private key is encrypted with the key of the user to obtain the encrypted private key of the user. The encrypted private key of the user and the private key digest corresponding to the user private key are combined to obtain the encrypted data of the user private key. Because the private key digest obtained in this application corresponds to a plurality of different private keys, even if a malicious user finds a private key whose digest is consistent with the private key digest corresponding to the user private key, that private key is not necessarily the real private key of the user, which reduces the risk that a malicious user cracks the real private key of the user.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for processing a private key according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for generating a secret key of a user according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for retrieving a private key of a user according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a server access method according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating a method for verifying signature data according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a device for processing a private key according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a server access device according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another server access device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an embodiment of the present application discloses a method for processing a private key, which is applied to a client and includes the specific steps of:
S101, performing a digest operation on the user private key to obtain a private key digest corresponding to the user private key.
The private key digest corresponding to the user private key corresponds to a plurality of different private keys. This means that private keys other than the user private key exist, such as a private key A and a private key B, and that the private key digests obtained by performing the digest operation on them are the same as the private key digest corresponding to the user private key. That is, private key digests and private keys are not in one-to-one correspondence: private keys other than the user private key also yield the private key digest corresponding to the user private key after the digest operation. The user private key is the private key the user uses to encrypt and decrypt data, and is unique to the user. When the user needs to protect some data by encryption, the user private key can be used to encrypt it, and when the user needs to use the data, it can be recovered by decrypting with the user private key.
Specifically, when step S101 is executed, the user private key is substituted into the digest function to perform the digest operation, so as to obtain the private key digest corresponding to the user private key.
To make the private key digest corresponding to the user private key correspond to a plurality of different private keys, step S101 may use a digest function whose collision rate is higher than a threshold to perform the digest operation on the user private key.
Here, the collision rate refers to the probability that private keys having the same private key digest exist. The higher the collision rate of the digest function used on the user private key, the more private keys correspond to the resulting private key digest. The threshold can be set according to actual conditions. When the collision rate is higher than the threshold, if a malicious user tries to crack the user private key from the private key digest corresponding to the user private key, then even if a private key is found whose digest, after the digest operation, is consistent with that private key digest, it is only one of the many private keys that produce this digest and is not necessarily the real private key of the user. Therefore, the higher the collision rate, the more private keys correspond to the private key digest corresponding to the user private key, and the lower the probability that the real user private key can be found through that digest.
Optionally, in a specific embodiment of the present application, performing the digest operation on the user private key by using a digest function whose collision rate is higher than a threshold to obtain the private key digest corresponding to the user private key includes:
calculating on the user private key by using the formula hash(x) = x % N to obtain the private key digest corresponding to the user private key.
In the formula, x is the user private key; N is a positive integer; hash(x) is the private key digest corresponding to the user private key. The value of N is determined by the collision rate threshold. "%" is the remainder operation. If N is 1000, one in every 1000 private keys produces a given hash(x) after the digest operation. Therefore, the smaller the value of N, the higher the collision rate, and the more difficult it is for a malicious user to find the private key through the private key digest.
S102, encrypting the user private key by using the key of the user to obtain the encrypted private key of the user.
The key of the user is computed from the encryption password input by the user. After the user private key has been encrypted with the key of the user, it can be successfully decrypted only when the user inputs the correct encryption password.
Optionally, referring to fig. 2, in an embodiment of the present application, a method for generating the key of the user includes:
performing a one-way hash operation multiple times on the encryption password input by the user and a randomly generated salt value to obtain the key of the user.
If the number n of one-way hash operations differs, the generated key of the user also differs. The salt value is a random number; if the salt value used when generating the key of the user differs, the resulting key also differs. The key of the user is therefore determined by the salt value, the encryption password input by the user, and the number of hash operations. Since the generation of the key of the user depends on several parameters, the risk of the key being stolen is also reduced.
S103, combining the encrypted private key of the user and the private key digest corresponding to the user private key to obtain the encrypted data of the user private key.
The encrypted private key of the user is obtained in step S102, and the private key digest corresponding to the user private key is obtained in step S101. The combined encrypted data of the user private key may be stored in the client. When the user needs to use the user private key, the user inputs the encryption password, the client verifies it against the encrypted data of the user private key, and if the verification succeeds the user obtains the user private key.
It should be noted that, in the encrypted data of the user private key, the private key digest corresponding to the user private key is not encrypted. If both the user private key and its private key digest were encrypted with the key, the private key and the private key digest obtained by decrypting with a trial key would both be random values, so the probability that the digest of the decrypted private key equals the decrypted private key digest would be low; if a malicious user found a key for which the two are equal, the private key obtained would very likely be the correct one. In other words, whenever verification succeeded, the private key obtained would probably be correct. In this application the private key digest corresponding to the user private key is not encrypted, so it is not a random value, and because multiple private keys correspond to the private key digest, the private key obtained is not necessarily the correct one even if verification succeeds.
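Steps S101 to S103 and the password check on retrieval, as an added example (not code from the patent): it stores a key with an unencrypted digest hash(x) = x % N and shows that wrong passwords which pass the digest check decrypt to decoy keys rather than the real one. SHA-256, the XOR keystream cipher (a stand-in for the cipher the text leaves unspecified), the function names and the demo values are assumptions.

```python
import hashlib
import secrets

N = 1000        # modulus of hash(x) = x % N; 1000 is the value used in the text
ROUNDS = 1000   # number n of one-way hash rounds (assumed value)


def derive_key(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Fig. 2: hash the encryption password with a random salt, n times over."""
    key = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        key = hashlib.sha256(salt + key).digest()
    return key


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher: XOR with a SHA-256 counter keystream.

    It has no padding or authentication tag, so decrypting with a wrong key
    still returns random-looking bytes, which the scheme relies on.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def digest(private_key: bytes, n: int = N) -> int:
    """S101: deliberately collision-prone digest hash(x) = x % N."""
    return int.from_bytes(private_key, "big") % n


def protect(private_key: bytes, password: str, n: int = N, rounds: int = ROUNDS) -> dict:
    """S102 and S103: encrypt the key, then attach the digest unencrypted."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt, rounds)
    return {
        "salt": salt, "rounds": rounds, "n": n,
        "encrypted_key": xor_cipher(key, private_key),
        "digest": digest(private_key, n),
    }


def retrieve(blob: dict, password: str):
    """Return the decrypted candidate if its digest matches, otherwise None."""
    key = derive_key(password, blob["salt"], blob["rounds"])
    candidate = xor_cipher(key, blob["encrypted_key"])
    return candidate if digest(candidate, blob["n"]) == blob["digest"] else None


def accepted_guesses(blob: dict, guesses) -> list:
    """Collect every (password, candidate key) pair that passes the digest check."""
    hits = []
    for guess in guesses:
        candidate = retrieve(blob, guess)
        if candidate is not None:
            hits.append((guess, candidate))
    return hits


if __name__ == "__main__":
    real_key = secrets.token_bytes(32)   # constructed sample private key
    # Small N and few rounds so that decoys appear quickly in the demo.
    blob = protect(real_key, "correct horse", n=4, rounds=50)
    assert retrieve(blob, "correct horse") == real_key
    hits = accepted_guesses(blob, [f"guess-{i}" for i in range(400)])
    decoys = [k for _, k in hits if k != real_key]
    print(f"{len(hits)} of 400 wrong passwords passed the check; "
          f"{len(decoys)} of them decrypted to a decoy key")
```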
Optionally, referring to fig. 3, in an embodiment of the present application, after the step S103 is executed, the method further includes:
S301, receiving a retrieval request for the user private key.
When the user needs to use the user private key, a retrieval request is sent to the client. The retrieval request carries the encryption password to be verified. The retrieval request may also carry identification information of the user, which may be the user's account (ID). From the identification information the client knows which private key the user needs to retrieve and finds the corresponding encrypted data of the user private key, that is, the encrypted data obtained in step S103 shown in fig. 1.
S302, performing a hash operation on the encryption password to be verified to obtain the key to be verified.
The client generates the key to be verified from the encryption password to be verified. The principle and execution process of generating the key are the same as those shown in fig. 2 and are not described herein again.
S303, decrypting the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain the private key to be verified.
If the encryption password to be verified entered by the user is correct, the key to be verified derived from it is the same as the key used to encrypt the private key in step S102 shown in fig. 1, and decrypting the encrypted private key with the key to be verified yields the real user private key. If the encryption password to be verified entered by the user is wrong, the key to be verified derived from it differs from the key used to encrypt the private key in step S102, and the private key to be verified obtained by decrypting the encrypted private key with it cannot be the real user private key.
S304, performing a digest operation on the private key to be verified to obtain the private key digest to be verified.
The specific principle and the execution process of performing the digest operation on the private key to be verified are the same as those of step S101 in fig. 1, and are not described herein again.
S305, judging whether the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key.
If the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key, the verification is successful and step S306 is executed. If the two are inconsistent, the verification fails, and the user can be prompted that the entered encryption password is wrong. Optionally, if a wrong encryption password is entered several times in a row for the same user ID, a prompt message may be sent to the mobile phone number of the legitimate user corresponding to that user ID to warn the legitimate user that the user private key is at risk of being cracked.
S306, prompting the user with the user private key.
The step of prompting the private key to the user refers to prompting the user that the verification is successful and providing the private key decrypted by the key to be verified to the user.
It should be noted that, when the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key, the private key obtained by decrypting with the key to be verified is not necessarily the real user private key, because the private key digest corresponding to the user private key in the present application may correspond to a plurality of different private keys. If a malicious user, while trying encryption passwords, finds one that passes verification and uses the key to be verified generated from it to decrypt the user's encrypted private key, the result is not necessarily the user private key; it may be another private key that corresponds to the same private key digest.
For example, the private key digest corresponding to user private key A also corresponds to other private keys such as private key B, private key C, and private key D. A malicious user tries an encryption password, and the private key obtained by decrypting the user's encrypted private key with the key generated from that password passes verification. The private key obtained may then be any one of private key A, private key B, private key C, private key D, and so on, so the private key the client provides to the malicious user is not necessarily the real user private key A. The more different private keys correspond to the private key digest, the less likely it is that a malicious user who passes verification has decrypted the real user private key A. This reduces the risk of the user private key being cracked by a malicious user, while a user who has the correct encryption password can still retrieve the correct user private key.
The private key processing method is applied to the client. A digest operation is performed on the user private key to obtain the private key digest corresponding to the user private key, and this digest corresponds to a plurality of different private keys. The user private key is encrypted with the user's key to obtain the encrypted private key of the user. The encrypted private key of the user and the private key digest corresponding to the user private key are combined to obtain the encrypted data of the user private key. Because the private key digest obtained in the present application corresponds to a plurality of different private keys, even if a malicious user finds a private key whose digest is consistent with the private key digest corresponding to the user private key, that private key is not necessarily the real user private key, which reduces the risk of a malicious user cracking the real user private key.
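The client-side flow of S101 to S103 and S301 to S306, as an added example that is not part of the patent text. It assumes PBKDF2-HMAC-SHA256 for the salted, iterated key derivation, a plain XOR as a placeholder for the unspecified cipher, and N = 16; all function names are hypothetical.

```python
import hashlib
import secrets

N = 16             # digest modulus (assumed); small so that collisions are frequent
KEY_BYTES = 32     # private keys are modelled as 256-bit integers
ITERATIONS = 1000  # hash iteration count n, kept low so the demo runs quickly


def digest(private_key: int) -> int:
    """High-collision digest from the description: hash(x) = x % N."""
    return private_key % N


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """User key from password, salt and iteration count (PBKDF2 as a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, KEY_BYTES)


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Placeholder cipher (assumption): XOR with the derived key.

    Like the scheme requires, it is unauthenticated: every key decrypts
    to *some* 32-byte value instead of raising an error.
    """
    return bytes(a ^ b for a, b in zip(data, key))


def seal(private_key: int, password: str) -> dict:
    """S101-S103: digest the key, encrypt it, combine both into one record."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt, ITERATIONS)
    return {
        "salt": salt,
        "iterations": ITERATIONS,
        "encrypted_private_key": xor_cipher(
            key, private_key.to_bytes(KEY_BYTES, "big")),
        "digest": digest(private_key),  # stored in the clear, not encrypted
    }


def retrieve(blob: dict, password: str):
    """S301-S306: return the decrypted key if its digest matches, else None."""
    key = derive_key(password, blob["salt"], blob["iterations"])       # S302
    candidate = int.from_bytes(
        xor_cipher(key, blob["encrypted_private_key"]), "big")         # S303
    if digest(candidate) == blob["digest"]:                            # S304-S305
        return candidate                                               # S306
    return None


def decoy_keys(blob: dict, wrong_passwords: list) -> list:
    """Keys released for wrong passwords that still pass the digest check."""
    results = (retrieve(blob, p) for p in wrong_passwords)
    return [k for k in results if k is not None]


if __name__ == "__main__":
    # Constructed sample key and passwords, for illustration only.
    true_key = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big")
    blob = seal(true_key, "correct-password")
    print("correct password returns true key:",
          retrieve(blob, "correct-password") == true_key)
    wrong = [f"guess-{i}" for i in range(400)]
    decoys = decoy_keys(blob, wrong)
    print(f"{len(decoys)} of {len(wrong)} wrong passwords passed verification")
    print("any decoy equals the true key:", any(k == true_key for k in decoys))
```

A wrong password passes the check with probability about 1/N, so N trades the number of decoys against how much of the key the clear-text digest (x mod N) reveals. The scheme also depends on the cipher being unauthenticated: an authenticated mode would reject a wrong key outright and leave no decoys.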
Referring to fig. 4, based on the processing method of the private key disclosed in the embodiment of the present application, the embodiment of the present application further discloses a server access method, which specifically includes the following steps:
S401, the client sends a login request of the user to the server.
The login request of the user carries original data and signature data. The original data comprises identification information of the user and the private key digest corresponding to the user private key. The private key digest is obtained by performing the digest operation on the user private key as provided in the embodiment of the private key processing method. The identification information of the user is specifically the user's ID. When the user registers the ID, the user's ID, the private key digest corresponding to the user private key, and the public key corresponding to the user private key are uploaded to the server; that is, the server retains the user's original data and public key from registration. When the user logs in, the server can verify the information in the login request against the pre-uploaded data; if the verification passes, the user currently requesting login is a legitimate user and can be granted access to the server.
The signature data carried by the login request is obtained by the client signing the original data with the user private key. Optionally, the signing process is: the client performs a digest operation on the original data to obtain digest data to be verified, and then encrypts the digest data to be verified with the user private key to obtain the signature data.
It should be noted that step S401 may also be regarded as the server receiving a login request of the user sent by the client.
S402, the server verifies whether the login request is legal or not by using the public key and the original data of the user uploaded by the client in advance.
Whether the login request is legal is judged mainly by whether the private key used by the user is the real user private key. If the login request is legal, the private key used for signing is the real user private key; if the login request is illegal, the private key used for signing is not the real user private key.
If the login request is verified to be legal, the server responds to the login request sent by the client and accepts the client's access to the server. Optionally, a reminding message may be sent to the client to inform the user that login succeeded.
If the login request is not verified to be legal, the user is denied access to the server and step S403 is performed. Specifically, a prompt message stating that the login request was refused may be sent to the client.
Optionally, referring to fig. 5, in a specific embodiment of the present application, the verifying, by the server, whether the login request is legal by using the public key and the original data of the user uploaded by the client in advance includes:
S501, verifying the signature data by using the public key of the user uploaded by the client in advance.
If signature verification passes, the login request is determined to be legal; if it does not pass, the login request is determined to be illegal. Specifically, step S501 is executed as follows: the signature data is decrypted with the public key uploaded by the client in advance to obtain the digest data to be verified, and the digest data to be verified is compared with the original digest data. If they are consistent, the user signed with the real user private key, that is, signature verification passes and the login request is legal. If they are inconsistent, the user sending the login request did not sign with the real user private key, signature verification fails, and the login request is illegal. The original digest data is obtained by the server performing a digest operation on the original data uploaded by the client in advance. The digest operation can be performed each time a login request is received, or it can be performed in advance on the uploaded original data, with the resulting original digest data stored in the server and taken out directly for signature verification when a login request from the client is received.
It should be noted that, since the public key of the user and the private key of the user are a key pair obtained by an algorithm, if the private key is used for encryption, the public key must be used for decryption, otherwise, the decryption will not be successful. Therefore, the public key of the user is adopted for signature verification, and if the signature verification passes, the signature data carried in the login request of the user is the data which is signed by the real private key of the user.
S403, judging whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance.
If the login request of the user is illegal, whether the user private key is being illegally cracked can be determined by judging whether the private key digest carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance.
If the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance, it indicates that the user private key of the legitimate user is at risk of being illegally cracked, and step S404 needs to be executed. The private key digest carried in the login request is obtained by the digest operation on the user private key provided in the embodiment of the private key processing method, so it corresponds to a plurality of different private keys. If the private key digest carried in the login request is the correct private key digest, it indicates that a malicious user has probably stolen the private key digest corresponding to the user private key and then tried out a private key whose digest is consistent with it.
If the private key digest corresponding to the user private key carried in the login request is inconsistent with the private key digest corresponding to the user private key uploaded by the client in advance, the process ends.
S404, sending reminding information to a legal user of the user private key.
The reminding information is used for explaining the risk that the user private key of the legal user is illegally cracked. Optionally, a reminding message may be sent to the mobile phone number of the legitimate user to inform the legitimate user.
According to the server access method provided by the embodiment of the application, when the server verifies that the login request is illegal, it further judges whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance. If they are consistent, reminding information is sent to the legitimate user of the user private key, indicating that the user private key of the legitimate user is at risk of being illegally cracked. The private key digest carried in the login request is obtained by the digest operation on the user private key provided in the embodiment of the private key processing method, so it corresponds to a plurality of private keys. If the private key digest carried in the login request is consistent with the private key digest uploaded to the server in advance but the login request is not legal, a malicious user may have tried out another private key corresponding to that private key digest; that is, the risk of the user private key being illegally cracked is detected. With the server access method provided by the embodiment of the application, the risk of the user private key being illegally cracked can be detected and the legitimate user reminded.
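The server-side decision of S402 to S404, as an added example that is not part of the patent text. Textbook RSA without padding over two fixed Mersenne primes stands in for the unspecified signature algorithm, N = 16 is assumed, and the `Server` class, its methods and the request fields are hypothetical names.

```python
import hashlib

N = 16  # modulus of the private key digest hash(x) = x % N (assumed value)

# Constructed textbook-RSA key pair built from two Mersenne primes.
# No padding and a short modulus: a stand-in for the signature scheme, demo only.
P, Q = 2**61 - 1, 2**89 - 1
MODULUS = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # the user private key (needs Python 3.8+)


def key_digest(private_key: int) -> int:
    return private_key % N


def original_data(user_id: str, digest: int) -> bytes:
    """Original data: user identification plus the private key digest."""
    return f"{user_id}|{digest}".encode()


def data_digest(data: bytes, modulus: int) -> int:
    """Digest of the original data, reduced so textbook RSA can process it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus


def build_login_request(user_id: str, private_key: int) -> dict:
    """Client side of S401: digest the original data, encrypt with the private key."""
    digest = key_digest(private_key)
    to_sign = data_digest(original_data(user_id, digest), MODULUS)
    return {"user_id": user_id, "key_digest": digest,
            "signature": pow(to_sign, private_key, MODULUS)}


class Server:
    def __init__(self):
        self.users = {}   # user_id -> public key and private key digest from registration
        self.alerts = []  # user IDs for which the S404 reminder was triggered

    def register(self, user_id: str, public_key: tuple, digest: int) -> None:
        self.users[user_id] = {"public_key": public_key, "key_digest": digest}

    def handle_login(self, request: dict) -> str:
        record = self.users.get(request["user_id"])
        if record is None:
            return "rejected"
        exponent, modulus = record["public_key"]
        # S402 / S501: decrypt the signature with the public key and compare
        # with the digest of the original data stored at registration.
        expected = data_digest(
            original_data(request["user_id"], record["key_digest"]), modulus)
        if pow(request["signature"], exponent, modulus) == expected:
            return "accepted"
        # S403: bad signature, but is the carried private key digest correct?
        if request["key_digest"] == record["key_digest"]:
            self.alerts.append(request["user_id"])  # S404: remind the legitimate user
            return "rejected_alert"
        return "rejected"


def demo():
    server = Server()
    server.register("alice", (E, MODULUS), key_digest(D))
    decoy = D + N      # constructed: same digest as D, but not the real key
    unrelated = D + 1  # constructed: different digest, not the real key
    outcomes = [server.handle_login(build_login_request("alice", key))
                for key in (D, decoy, unrelated)]
    return outcomes, server.alerts


if __name__ == "__main__":
    print(demo())
```

Only the second request raises the reminder: its signature fails while its private key digest matches the registered one, which is the pattern a decoy key released by the client-side check produces.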
Referring to fig. 6, based on the processing method of the private key, the embodiment of the present application further discloses a processing apparatus 600 of the private key, where the processing apparatus 600 of the private key is a client, and includes: a first calculation unit 601, an encryption unit 602, and a combination unit 603.
The first calculating unit 601 is configured to perform a digest operation on the user private key to obtain the private key digest corresponding to the user private key. The private key digest corresponding to the user private key corresponds to a plurality of different private keys.
Optionally, in a specific embodiment of the present application, the first calculating unit 601 includes:
a first calculating subunit, configured to perform the digest operation on the user private key by using a digest function whose collision rate is higher than a threshold, to obtain the private key digest corresponding to the user private key.
Optionally, in a specific embodiment of the present application, the first calculating subunit includes:
a second calculating subunit, configured to calculate on the user private key by using the formula hash(x) = x % N, to obtain the private key digest corresponding to the user private key.
In the formula, x is the user private key; N is a positive integer; hash(x) is the private key digest corresponding to the user private key.
An encrypting unit 602, configured to encrypt the user private key with the user key to obtain an encrypted private key of the user.
The combining unit 603 is configured to combine the encrypted private key of the user and the private key digest corresponding to the private key of the user to obtain encrypted data of the private key of the user.
Optionally, in a specific embodiment of the present application, the device 600 for processing a private key further includes: a receiving unit, a second calculating unit, a decrypting unit, a third calculating unit and a prompting unit.
The receiving unit is configured to receive a retrieval request for the user private key. The retrieval request carries the encryption password to be verified.
The second calculating unit is configured to perform a hash operation on the encryption password to be verified to obtain the key to be verified.
The decrypting unit is configured to decrypt the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain the private key to be verified.
The third calculating unit is configured to perform a digest operation on the private key to be verified to obtain the private key digest to be verified.
The prompting unit is configured to prompt the user with the user private key if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key.
The specific principle and the implementation process of the processing apparatus 600 for a private key disclosed in the embodiment of the present application are the same as those of the processing method for a private key disclosed in the embodiment of the present application, and reference may be made to corresponding parts in the processing method for a private key disclosed in the embodiment of the present application, which are not described herein again.
The processing apparatus 600 for a private key provided in the present application is a client. The first calculating unit 601 performs a digest operation on the user private key to obtain the private key digest corresponding to the user private key, and this digest corresponds to a plurality of different private keys. The encryption unit 602 encrypts the user private key with the user's key to obtain the encrypted private key of the user. The combining unit 603 combines the encrypted private key of the user and the private key digest corresponding to the user private key to obtain the encrypted data of the user private key. Because the private key digest obtained by the first calculating unit 601 corresponds to a plurality of different private keys, even if a malicious user finds a private key whose digest is consistent with the private key digest corresponding to the user private key, that private key is not necessarily the real user private key, which reduces the risk of a malicious user cracking the real user private key.
Referring to fig. 7, based on the above server access method, an embodiment of the present application correspondingly discloses a server access device 700, where the server access device 700 is a client, and includes: a sending unit 701.
A sending unit 701, configured to send a login request of a user to a server.
The login request of the user carries original data and signature data. The original data comprises identification information of the user and the private key digest corresponding to the user private key; the private key digest is obtained by performing a digest operation on the user private key and corresponds to a plurality of different private keys. The signature data is obtained by the client signing the original data with the user private key.
The specific principle and the implementation process in the server access device 700 disclosed in the embodiment of the present application are the same as those in the server access method disclosed in the embodiment of the present application, and reference may be made to corresponding parts in the server access method disclosed in the embodiment of the present application, which are not described herein again.
Referring to fig. 8, an embodiment of the present application further discloses another server access apparatus 800, where the server access apparatus 800 is a server, and includes: a receiving unit 801, a verifying unit 802, a judging unit 803 and a reminding unit 804.
The receiving unit 801 is configured to receive a login request of a user sent by a client.
The login request of the user carries original data and signature data. The original data comprises identification information of the user and the private key digest corresponding to the user private key. The private key digest is obtained by performing a digest operation on the user private key and corresponds to a plurality of different private keys. The signature data is obtained by the client signing the digest data of the original data with the user private key.
The verifying unit 802 is configured to verify whether the login request is legal by using the public key and the original data of the user, which are uploaded by the client in advance.
Optionally, in an embodiment of the present application, the verification unit 802 includes a signature verification unit configured to verify the signature data by using the public key of the user uploaded by the client in advance. If signature verification passes, the login request is determined to be legal; if signature verification does not pass, the login request is determined to be illegal.
The determining unit 803 is configured to, if the login request is illegal, determine whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance. The private key digest uploaded by the client in advance is obtained by the client performing a digest operation on the user private key, and it corresponds to a plurality of different private keys.
The reminding unit 804 is configured to send reminding information to the legitimate user of the user private key if the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance. The reminding information indicates that the user private key of the legitimate user is at risk of being illegally cracked.
The specific principle and the implementation process in the server access device 800 disclosed in the embodiment of the present application are the same as those in the server access method disclosed in the embodiment of the present application, and reference may be made to corresponding parts in the server access method disclosed in the embodiment of the present application, which are not described herein again.
In the server access device 800 according to the embodiment of the present application, when the verification unit 802 verifies that the login request is not legal, the determination unit 803 further determines whether the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance. If the private key digest corresponding to the user private key carried in the login request is consistent with the private key digest corresponding to the user private key uploaded by the client in advance, the reminding unit 804 sends reminding information to a legal user of the user private key, wherein the reminding information is used for explaining that the user private key of the legal user is at risk of being illegally cracked. In the embodiment of the present application, the private key digest corresponding to the user private key carried in the login request sent by the sending unit 701 in the server access apparatus 700 is obtained by performing digest calculation on the user private key, and the private key digest corresponding to the user private key corresponds to a plurality of private keys. By the server access device provided by the embodiment of the application, the risk that the private key of the user is illegally cracked can be detected, and the legal user is reminded.
The embodiment of the application provides a computer readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the processing method of the private key or the server access method provided by the above method embodiments.
The embodiment of the application provides electronic equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein when the processor executes the program, the processing method of the private key provided by the above method embodiments is realized, or a server access method is realized.
The embodiment of the present application further provides a computer program product, which when executed on a data processing device, enables the data processing device to implement the processing method of the private key or the server access method provided in the above method embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (4)

1. A server access method, applied to a client, comprising the following steps:
performing a digest operation on a user private key to obtain a private key digest that corresponds to the user private key and also corresponds to a plurality of different private keys other than the user private key;
encrypting the user private key by using a user key to obtain an encrypted private key of the user; the user key is obtained by performing an operation on an encryption password input by the user;
combining the encrypted private key of the user and the private key digest corresponding to the user private key to obtain encrypted data of the user private key;
receiving a retrieval request for the user private key; wherein the retrieval request carries an encryption password to be verified; the retrieval request for the user private key is used for requesting the client to provide the user private key to the user;
performing a hash operation on the encryption password to be verified to obtain a key to be verified;
decrypting the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain the private key to be verified;
performing a digest operation on the private key to be verified to obtain a private key digest to be verified;
if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key, prompting the user with the private key to be verified;
sending a login request of the user carrying original data and signature data to a server; the original data comprises identification information of the user and the private key digest to be verified; the signature data is obtained by the client signing the original data with the private key to be verified; the private key digest to be verified is obtained by performing a digest operation on the private key to be verified; the original data and the signature data carried in the login request are used by the server to verify whether the login request is legitimate; and the private key digest to be verified carried in the login request is used by the server to verify whether the private key of the user is at risk of being illegally cracked.
2. A server access device, wherein the server access device is a client, and the client comprises:
a first computing unit, used for performing a digest operation on a user private key to obtain a private key digest that corresponds to the user private key and also corresponds to a plurality of different private keys other than the user private key;
an encryption unit, used for encrypting the user private key by using a user key to obtain an encrypted private key of the user; the user key is obtained by performing an operation on an encryption password input by the user;
a combination unit, used for combining the encrypted private key of the user and the private key digest corresponding to the user private key to obtain encrypted data of the user private key;
a receiving unit, used for receiving a retrieval request for the user private key; wherein the retrieval request carries an encryption password to be verified; the retrieval request for the user private key is used for requesting the client to provide the user private key to the user;
a second computing unit, used for performing a hash operation on the encryption password to be verified to obtain a key to be verified;
a decryption unit, used for decrypting the encrypted private key in the encrypted data of the user private key by using the key to be verified to obtain the private key to be verified;
a third computing unit, used for prompting the user with the private key to be verified if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key;
a prompting unit, used for prompting the user with the private key to be verified if the private key digest to be verified is consistent with the private key digest corresponding to the user private key in the encrypted data of the user private key;
a sending unit, used for sending a login request of the user carrying original data and signature data to a server; the original data comprises identification information of the user and the private key digest to be verified; the signature data is obtained by the client signing the original data with the private key to be verified; the private key digest to be verified is obtained by performing a digest operation on the private key to be verified; the original data and the signature data carried in the login request are used by the server to verify whether the login request is legitimate; and the private key digest to be verified carried in the login request is used by the server to verify whether the private key of the user is at risk of being illegally cracked.
3. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the server access method of claim 1.
4. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the server access method of claim 1.
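The client-side storage and retrieval steps of claim 1, sketched as an added example that is not code from the patent. Assumptions: SHA-256 as the password hash, a 1-byte truncated SHA-256 as the colliding digest, and an XOR keystream standing in for the unspecified cipher; all names and sample values are constructed. It shows that some wrong passwords pass the local digest check with a wrong key, so the local check alone cannot confirm a guess.

```python
import hashlib

DIGEST_LEN = 1  # assumption: 1-byte digest, so many different keys share each value

def derive_key(password: str) -> bytes:
    # "hash operation on the encryption password"; SHA-256 is an assumed choice
    return hashlib.sha256(password.encode("utf-8")).digest()

def key_digest(private_key: bytes) -> bytes:
    # Truncated hash: by design it also matches many other private keys
    return hashlib.sha256(private_key).digest()[:DIGEST_LEN]

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in for the claim's unspecified cipher (illustration only):
    # XOR with a SHAKE-256 keystream; the same call encrypts and decrypts.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(private_key: bytes, password: str) -> bytes:
    # Encrypted data = encrypted private key || private key digest
    return xor_cipher(derive_key(password), private_key) + key_digest(private_key)

def retrieve(blob: bytes, password_to_verify: str):
    encrypted, stored_digest = blob[:-DIGEST_LEN], blob[-DIGEST_LEN:]
    candidate = xor_cipher(derive_key(password_to_verify), encrypted)
    if key_digest(candidate) == stored_digest:
        return candidate  # shown to the user, then used to sign the login request
    return None

def false_accepts(blob: bytes, real_key: bytes, guesses):
    # Wrong passwords that pass the local digest check, each yielding a wrong key
    hits = [(g, retrieve(blob, g)) for g in guesses]
    return [(g, k) for g, k in hits if k is not None and k != real_key]

# Constructed sample values (not from the patent)
SAMPLE_KEY = hashlib.sha256(b"constructed sample private key").digest()
SAMPLE_BLOB = protect(SAMPLE_KEY, "correct horse")
WRONG_GUESSES = [f"guess-{i}" for i in range(5000)]

if __name__ == "__main__":
    print(retrieve(SAMPLE_BLOB, "correct horse") == SAMPLE_KEY)
    n = len(false_accepts(SAMPLE_BLOB, SAMPLE_KEY, WRONG_GUESSES))
    print(n, "of", len(WRONG_GUESSES), "wrong passwords passed the local check")
```

A key recovered from a wrong password cannot produce a signature that verifies as the user's, which fits the claim's final step, where the login request carries both the signature and the digest for the server to check.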
CN201910785886.8A 2019-08-23 2019-08-23 Private key processing method, access method, and medium and device corresponding to method Active CN110492989B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010799914.4A CN111934862B (en) 2019-08-23 2019-08-23 Server access method and device, readable medium and electronic equipment
CN201910785886.8A CN110492989B (en) 2019-08-23 2019-08-23 Private key processing method, access method, and medium and device corresponding to method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910785886.8A CN110492989B (en) 2019-08-23 2019-08-23 Private key processing method, access method, and medium and device corresponding to method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202010799914.4A Division CN111934862B (en) 2019-08-23 2019-08-23 Server access method and device, readable medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN110492989A CN110492989A (en) 2019-11-22
CN110492989B CN110492989B (en) 2020-11-13

Family

ID=68553472

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910785886.8A Active CN110492989B (en) 2019-08-23 2019-08-23 Private key processing method, access method, and medium and device corresponding to method
CN202010799914.4A Active CN111934862B (en) 2019-08-23 2019-08-23 Server access method and device, readable medium and electronic equipment

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202010799914.4A Active CN111934862B (en) 2019-08-23 2019-08-23 Server access method and device, readable medium and electronic equipment

Country Status (1)

Country Link
CN (2) CN110492989B (en)


Also Published As

Publication number Publication date
CN110492989A (en) 2019-11-22
CN111934862A (en) 2020-11-13
CN111934862B (en) 2023-08-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20191122

Assignee: GUANGZHOU CUBESILI INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: GUANGZHOU HUADUO NETWORK TECHNOLOGY Co.,Ltd.

Contract record no.: X2021980000151

Denomination of invention: Processing method of private key, access method, medium and device of corresponding method

Granted publication date: 20201113

License type: Common License

Record date: 20210107
