Key management method, device, system and storage medium

Document No.: 409957 Publication date: 2021-12-17

Reading note: This technology, "Key management method, device, system and storage medium", was designed by Geng Huizheng (耿慧拯), Zhang Xing (张星), Mi Jing (米婧) and Zhang Heng (张恒) on 2020-06-12. Main content: The invention discloses a key management method, device, system and storage medium. The key management method comprises: based on a data service request sent by a data service terminal, obfuscating a first key generation algorithm to obtain an obfuscated second key generation algorithm; sending the second key generation algorithm to a key server; and performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and de-obfuscating the calculation result of the collaborative calculation to obtain a key corresponding to the data service request. In this way, only the data storage server can obtain the key corresponding to the data service request, and because the first key generation algorithm is obfuscated, the second key generation algorithm used in the collaborative calculation can change dynamically, which increases the difficulty of an attacker stealing the key and thereby improves the security of the key while preserving its usability.

1. A key management method applied to a data storage server, the method comprising:

based on a data service request sent by a data service terminal, obfuscating the first key generation algorithm to obtain an obfuscated second key generation algorithm;

sending the second key generation algorithm to a key server;

and performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and de-obfuscating a calculation result of the collaborative calculation to obtain a key corresponding to the data service request.

2. The method of claim 1, wherein obfuscating the first key generation algorithm based on a data service request sent by a data service terminal comprises:

verifying a data service request sent by a data service terminal;

and, upon determining that the verification is passed, obfuscating the first key generation algorithm.

3. The method of claim 2, wherein the verifying the data service request sent by the data service terminal comprises at least one of:

performing identity validity verification based on the identity carried in the data service request;

and performing time validity verification based on the timestamp carried in the data service request.

4. The method of claim 2, wherein the data service request carries verification information encrypted based on a first shared key, and wherein the first shared key is a shared key between the data service terminal and the key server, the method further comprising:

sending a key collaborative computing request to the key server, wherein the key collaborative computing request carries the verification information;

receiving a verification result of the key server for verification based on the key collaborative computing request;

obfuscating the first key generation algorithm includes:

and, upon determining that the verification result from the key server indicates that the verification is passed, obfuscating the first key generation algorithm.

5. The method of claim 1,

obfuscating the first key generation algorithm includes:

encoding the first key generation algorithm based on a random number to generate the second key generation algorithm;

de-obfuscating the calculation result of the collaborative calculation includes:

and decoding the calculation result of the cooperative calculation based on the random number to generate a key corresponding to the data service request.

6. The method of claim 1, further comprising:

and, upon determining that processing of the data service request is finished, destroying the key corresponding to the data service request.

7. A key management method applied to a key server, the method comprising:

receiving a second key generation algorithm sent by the data storage server;

performing collaborative calculation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server;

wherein the second key generation algorithm is generated by the data storage server obfuscating the first key generation algorithm.

8. The method of claim 7, further comprising:

receiving a key collaborative computing request sent by the data storage server, wherein the key collaborative computing request carries verification information encrypted based on a first shared key, and the first shared key is a shared key between the data service terminal and the key server;

verifying the key collaborative computing request;

and sending a verification result to the data storage server.

9. The method of claim 8, wherein the verifying the key collaborative computing request comprises:

verifying whether the key collaborative computing request obtains permission of the data service terminal or not based on the verification information;

if not, determining that the verification is not passed.

10. A key management apparatus, applied to a data storage server, the apparatus comprising:

the algorithm obfuscating module is used for obfuscating the first key generation algorithm based on a data service request sent by the data service terminal to obtain an obfuscated second key generation algorithm;

the sending module is used for sending the second key generation algorithm to a key server;

and the key generation module is used for performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and de-obfuscating a calculation result of the collaborative calculation to obtain a key corresponding to the data service request.

11. A key management apparatus applied to a key server, the apparatus comprising:

the receiving module is used for receiving a second key generation algorithm sent by the data storage server;

the cooperation module is used for performing cooperation calculation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server;

wherein the second key generation algorithm is generated by the data storage server obfuscating the first key generation algorithm.

12. A data storage server, comprising: a processor and a memory for storing a computer program capable of running on the processor, wherein,

the processor, when executing the computer program, is adapted to perform the steps of the method of any of claims 1 to 6.

13. A key server, comprising: a processor and a memory for storing a computer program capable of running on the processor, wherein,

the processor, when executing the computer program, is adapted to perform the steps of the method of any of claims 7 to 9.

14. A key management system comprising a data storage server as claimed in claim 12 and a key server as claimed in claim 13.

15. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, performs the steps of the method of any one of claims 1 to 9.

Technical Field

The present invention relates to the field of information security, and in particular, to a method, an apparatus, a system, and a storage medium for managing a key.

Background

In the related art, if user privacy data is stored in the database in clear text, it is directly exposed once the database is dumped and exfiltrated. Encrypted data storage is a technique that can effectively protect private data: sensitive information in user data is encrypted before being stored in a database or file system, and is decrypted when it needs to be read. Even if an attacker succeeds in dumping the database, the attacker cannot obtain the user privacy data as long as the key is not leaked.

Key management is the core of encrypted storage technology: if a key is leaked, the encrypted data is no longer safe. Conventional solutions are implemented in software or in hardware. The software approach stores the key in a configuration file or a database and reads it directly whenever decryption is needed, which is a potential security hazard. The hardware approach stores the key in a hardware medium, for example a USB flash disk; the USB flash disk is inserted to read the key when data needs to be decrypted, and is pulled out after decryption is completed.

Disclosure of Invention

In view of this, embodiments of the present invention provide a method, an apparatus, a system, and a storage medium for key management, which aim to improve security of a key while satisfying usability of the key.

The technical scheme of the embodiment of the invention is realized as follows:

The embodiment of the invention provides a key management method, which is applied to a data storage server and comprises the following steps:

based on a data service request sent by a data service terminal, obfuscating the first key generation algorithm to obtain an obfuscated second key generation algorithm;

sending the second key generation algorithm to a key server;

and performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and de-obfuscating a calculation result of the collaborative calculation to obtain a key corresponding to the data service request.

The embodiment of the invention also provides a key management method, which is applied to the key server and comprises the following steps:

receiving a second key generation algorithm sent by the data storage server;

performing collaborative calculation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server;

wherein the second key generation algorithm is generated by the data storage server obfuscating the first key generation algorithm.

An embodiment of the present invention further provides a key management apparatus, which is applied to a data storage server, and the apparatus includes:

the algorithm obfuscating device is used for obfuscating the first key generation algorithm based on the data service request sent by the data service terminal to obtain an obfuscated second key generation algorithm;

a sending means for sending the second key generation algorithm to a key server;

and the key generation device is used for performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and de-obfuscating a calculation result of the collaborative calculation to obtain a key corresponding to the data service request.

The embodiment of the invention also provides a key management device, which is applied to the key server, and the device comprises:

the receiving module is used for receiving a second key generation algorithm sent by the data storage server;

the cooperation module is used for performing cooperation calculation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server;

wherein the second key generation algorithm is generated by the data storage server obfuscating the first key generation algorithm.

An embodiment of the present invention further provides a data storage server, including: a processor and a memory for storing a computer program capable of running on the processor, wherein the processor, when running the computer program, is configured to perform the steps of the method described in the data storage server side of the embodiments of the present invention.

An embodiment of the present invention further provides a key server, including: a processor and a memory for storing a computer program capable of running on the processor, wherein the processor, when running the computer program, is configured to perform the steps of the method described in the key server side of the embodiments of the present invention.

The embodiment of the invention also provides a key management system, comprising the data storage server and the key server.

The embodiment of the present invention further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the method according to any embodiment of the present invention are implemented.

According to the technical scheme provided by the embodiment of the invention, the key fragments corresponding to the generated key are stored separately in the data storage server and the key server. The data storage server obfuscates the first key generation algorithm based on the data service request sent by the data service terminal to obtain an obfuscated second key generation algorithm, and sends the second key generation algorithm to the key server. The data storage server and the key server then perform collaborative calculation based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and the data storage server de-obfuscates the calculation result of the collaborative calculation to obtain the key corresponding to the data service request. In this way, only the data storage server can obtain the key corresponding to the data service request, and because the first key generation algorithm is obfuscated, the second key generation algorithm used in the collaborative calculation can change dynamically, which increases the difficulty of an attacker stealing the key and improves the security of the key while preserving its usability.

Drawings

FIG. 1 is a schematic structural diagram of a key management system according to an embodiment of the present invention;

FIG. 2 is a flowchart illustrating a key management method applied to a data storage server according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating a key management method applied to a key server according to an embodiment of the present invention;

FIG. 4 is a flowchart illustrating a key management method according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a key management apparatus applied to a data storage server according to an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a key management device applied to a key server according to an embodiment of the present invention;

FIG. 7 is a block diagram of a data storage server according to an embodiment of the present invention;

FIG. 8 is a block diagram of a key server according to an embodiment of the present invention;

FIG. 9 is another schematic structural diagram of a key management system according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples.

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.

In the related art, in order to solve the problem that key management cannot achieve both ease of use and security, a key may be generated based on secure multi-party computation (MPC). For example, CN 110752924A discloses a key security management method based on secure multi-party computation, in which a master key is obtained by a multi-party computing system, and the master key controls the conversion between the plaintext and ciphertext states of a key required by an encryption algorithm. When the user has no encryption service, the master key is in an unknown state and the service key is in a ciphertext state; when there is an encryption service, a master key calculation factor (namely a key factor) is obtained through the multi-party computing system, and the key factor is fed into a key generation algorithm to obtain the master key. In the calculation process of that scheme, the nodes of the multi-party computing system can obtain the key factors; if an attacker controls a computing node and obtains the key generation algorithm through decompilation, the attacker can calculate the master key, causing key leakage.

Based on this, in various embodiments of the present invention, the key fragments corresponding to the generated key are stored separately in the data storage server and the key server. The data storage server obfuscates the first key generation algorithm based on the data service request sent by the data service terminal to obtain an obfuscated second key generation algorithm, and sends the second key generation algorithm to the key server. The data storage server and the key server then perform collaborative calculation based on the second key generation algorithm, the first key fragment stored by the data storage server and the second key fragment stored by the key server, and the data storage server de-obfuscates the calculation result of the collaborative calculation to obtain the key corresponding to the data service request. In this way, only the data storage server can obtain the key corresponding to the data service request, and because the first key generation algorithm is obfuscated, the second key generation algorithm used in the collaborative calculation can change dynamically, which increases the difficulty of an attacker stealing the key and improves the security of the key while preserving its usability.

In the embodiment of the present invention, as shown in fig. 1, the key management system includes: a data service terminal 101, a data storage server 102 and a key server 103. The key server 103 is configured to generate a first shared key, a second shared key, and a third shared key, where the first shared key is a shared key between the data service terminal 101 and the key server 103, the second shared key is a shared key between the data service terminal 101 and the data storage server 102, and the third shared key is a shared key between the data storage server 102 and the key server 103. The data service terminal 101, as a data service requester, may generate a data service request, such as a data access request or a data storage request, based on a user operation, and the data service terminal 101 may be a communication terminal such as a smart phone, a tablet computer, a desktop computer, or a smart wearable device. The data storage server 102 is used to encrypt or decrypt data based on the key. The data storage server 102 and the key server 103 generate a key based on cooperative computing, specifically, the data storage server 102 generates a first key fragment, the key server 103 generates a second key fragment, and the data storage server 102 and the key server 103 perform cooperative computing based on the first key fragment and the second key fragment to generate a key for data encryption or decryption.

As shown in fig. 2, an embodiment of the present invention provides a key management method, which is applied to a data storage server, and the method includes:

Step 201, based on a data service request sent by a data service terminal, obfuscating a first key generation algorithm to obtain an obfuscated second key generation algorithm;

Here, the data storage server receives a data service request transmitted by the data service terminal and, based on the data service request, starts a collaborative calculation with the key server for generating the key corresponding to the data service request. Specifically, the data storage server obfuscates the first key generation algorithm to obtain an obfuscated second key generation algorithm. Assume that the first key generation algorithm is $F(x, y)$, where $x$ and $y$ represent the key shard local to the data storage server and the key shard local to the key server, respectively. $F(x, y)$ is known only to the data storage server and is kept secret from the key server.

In some embodiments, the obfuscating the first key generation algorithm includes:

and encoding the first key generation algorithm based on a random number to generate the second key generation algorithm.

Here, the data storage server may select two random numbers $a$ and $b$ as noise, and obfuscate the first key generation algorithm to obtain a second key generation algorithm $F'(x, y) = a \cdot F(x, y) + b$.

Step 202, sending the second key generation algorithm to a key server;

Here, the data storage server sends the second key generation algorithm to the key server, which allows the data storage server and the key server to perform the collaborative calculation based on the second key generation algorithm while keeping the first key generation algorithm secret from the key server.

Step 203, performing collaborative calculation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server, and de-obfuscating a calculation result of the collaborative calculation to obtain a key corresponding to the data service request.

Here, collaborative computing is used to solve the problem of privacy-preserving computation among a set of mutually untrusted participants, which can be abstractly understood as follows: the participants jointly execute a function and obtain a calculation result without revealing their own private information, and at no point in the process does any participant reveal its own data. That is, neither the key server nor the data storage server leaks its key fragment.

In one embodiment, the data storage server and the key server perform collaborative calculation based on the second key generation algorithm $F'(x, y) = a \cdot F(x, y) + b$, the first key fragment $K_S$ stored by the data storage server, and the second key fragment $K_A$ stored by the key server, to obtain $F'(K_S, K_A)$.

The data storage server de-obfuscates $F'(K_S, K_A)$ to obtain the key corresponding to the data service request.

In some embodiments, the de-obfuscating of the calculation result of the collaborative calculation comprises:

and decoding the calculation result of the cooperative calculation based on the random number to generate a key corresponding to the data service request.

Here, the data storage server calculates $K = (F'(K_S, K_A) - b) / a$ based on the random numbers $a$ and $b$ described above, where $K$ is the key corresponding to the data service request. In this process, neither the data storage server nor the key server can learn the key fragment of the other side, and the key server cannot learn the final key $K$.

In the embodiment of the invention, when the data storage server and the key server collaboratively calculate the key, the data storage server first obfuscates the first key generation algorithm, which only it knows, and then performs the collaborative calculation with the key server using the obfuscated second key generation algorithm, so that the data storage server can recover the correct key from the calculation result of the collaborative calculation. In this way, only the data storage server can get the correct key, and the key server participating in the calculation cannot acquire the key, so that the security of the key is enhanced.

In addition, the random number of each cooperative calculation may be different, and even if an attacker obtains the calculation result of the cooperative calculation and decompiles the program code, the correct key cannot be calculated. In the embodiment of the invention, because the confusion of the first key generation algorithm is realized by adding random number noise, the calculation processes can be different every time, even if an attacker takes the intermediate result of a certain calculation process and knows the details of the key generation algorithm through decompilation, the correct key can not be calculated, thereby greatly enhancing the security of the key.
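The blinding in steps 201 to 203, as an added example that is not part of the patent text. It assumes arithmetic modulo a public prime `P` (the page does not name the domain), uses a hypothetical `first_keygen` as F, and replaces the multi-party protocol with a plain function call.

```python
import secrets

# Assumption: arithmetic is modulo a public prime, so "divide by a" is a
# modular inverse. The page does not say which domain F is computed over.
P = 2**127 - 1


def first_keygen(x, y):
    """Hypothetical F(x, y), known only to the data storage server."""
    return (x * x * y + 3 * x + 7 * y) % P


def obfuscate(f):
    """Draw fresh noise (a, b) and return F'(x, y) = a*F(x, y) + b with the noise."""
    a = secrets.randbelow(P - 1) + 1  # a must be non-zero or K is unrecoverable
    b = secrets.randbelow(P)

    def f_prime(x, y):
        return (a * f(x, y) + b) % P

    return f_prime, a, b


def cooperative_compute(f_prime, k_s, k_a):
    """Stand-in for the collaborative calculation.

    A real deployment runs a multi-party protocol so that neither side sees
    the other's shard; here both shards are simply passed to F'.
    """
    return f_prime(k_s, k_a)


def deobfuscate(result, a, b):
    """K = (F'(K_S, K_A) - b) / a, computed in the field."""
    return ((result - b) * pow(a, -1, P)) % P


def derive_key(k_s, k_a):
    """One request: obfuscate, compute jointly, de-obfuscate.

    Returns the key and the blinded result of the joint calculation.
    """
    f_prime, a, b = obfuscate(first_keygen)
    result = cooperative_compute(f_prime, k_s, k_a)
    return deobfuscate(result, a, b), result


def noise_for(result, candidate_key, a):
    """The b under which `result` would decode to `candidate_key` for a given a."""
    return (result - a * candidate_key) % P


if __name__ == "__main__":
    k_s = secrets.randbelow(P)  # constructed sample shards
    k_a = secrets.randbelow(P)
    key1, seen1 = derive_key(k_s, k_a)
    key2, seen2 = derive_key(k_s, k_a)
    print("same key both times:", key1 == key2)
    print("blinded results differ:", seen1 != seen2)
    wrong = (key1 + 1) % P
    b_wrong = noise_for(seen1, wrong, 5)
    print("result also fits a wrong key:", deobfuscate(seen1, 5, b_wrong) == wrong)
```

The last check shows that a blinded result on its own is consistent with every candidate key, so the protection rests on `a` and `b` staying on the data storage server and being drawn fresh for each request.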

In some embodiments, step 201 comprises:

verifying a data service request sent by a data service terminal;

and, upon determining that the verification is passed, obfuscating the first key generation algorithm.

Here, before the data storage server starts the cooperative computation for generating the key corresponding to the data service request with the key server based on the received data service request, the data service request may be verified, and if the verification is determined to be passed, the cooperative computation for the key is started, so that the invalid data service request may be filtered.

In some embodiments, the verifying the data service request sent by the data service terminal includes at least one of:

performing identity validity verification based on the identity carried in the data service request;

and performing time validity verification based on the timestamp carried in the data service request.

Here, the data service request sent by the data service terminal may carry an identity and/or a timestamp, and the data storage server may perform validity verification based on the identity and/or the timestamp carried by the data service request.

For example, a data service request carries a message, wherein $ID_C$ is the identity of the data service terminal, $T$ is a timestamp, and the encryption notation in the message denotes encryption with the second shared key. After receiving the data service request, the data storage server decrypts it by using the second shared key and performs identity validity verification and/or time validity verification on it. Here, identity validity verification refers to determining whether the decrypted identity is consistent with the identity carried in the data service request; if so, the identity is determined to be valid, and if not, the data service request is determined to be invalid. Time validity verification refers to determining whether the difference between the timestamp and the current time is within a preset threshold; if so, the time is determined to be valid, and if not, the data service request is determined to be invalid.

In order to prevent a hacker from breaking the key after attacking the data storage server, the embodiment of the invention also designs a "permission authentication mechanism", which is used on the key server side to verify whether the data service request received by the data storage server is permitted by the corresponding data service terminal. The permission of the corresponding user therefore needs to be obtained before the data storage server starts the collaborative calculation with the key server for generating the key corresponding to the data service request; otherwise, the collaborative calculation of the key cannot be executed. Even if the data storage server is attacked by a hacker, the data in the ciphertext state is still not decrypted.

Based on this, in some embodiments, the data service request carries verification information encrypted based on a first shared key, where the first shared key is a shared key between the data service terminal and the key server, and the method further includes:

sending a key collaborative computing request to the key server, wherein the key collaborative computing request carries the verification information;

receiving a verification result of the key server for verification based on the key collaborative computing request;

obfuscating the first key generation algorithm includes:

and, upon determining that the verification result from the key server indicates that the verification is passed, obfuscating the first key generation algorithm.

Specifically, the data service request carries a message, wherein the encryption notation in the message denotes encryption with the first shared key. After receiving the data service request, the data storage server decrypts it by using the second shared key and performs identity validity verification and/or time validity verification on it. Upon determining that the verification passes, the data storage server further sends a key collaborative computing request to the key server. For example, the data storage server sends a message to the key server, wherein, alongside $ID_S$, $T'$ is the timestamp carried by the key collaborative computing request, and the encryption notation in the message indicates encryption with the third shared key. After receiving the message, the key server decrypts it by using the third shared key and performs identity validity verification and/or time validity verification on the key collaborative computing request, so as to verify the validity of the key collaborative computing request sent by the data storage server. After this verification passes, the key server can also decrypt the verification information based on the first shared key, so as to verify whether the data service request was initiated by the corresponding data service terminal. If the verification passes, the key server sends a verification result indicating that the verification passed to the data storage server. Based on the verification result sent by the key server, the data storage server obfuscates the first key generation algorithm to start the collaborative calculation with the key server for generating the key corresponding to the data service request.
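The identity and time checks and the permission authentication mechanism described above, as an added example that is not part of the patent text. The message layout, field names and the 60-second threshold are assumptions, and HMAC-SHA256 tags are swapped in for the encryption the page describes (Python's standard library has no cipher); `k1`, `k2` and `k3` stand for the first, second and third shared keys.

```python
import hashlib
import hmac

MAX_SKEW = 60  # seconds; assumed value for the page's "preset threshold"


def tag(key, *fields):
    """HMAC-SHA256 over the fields (swapped in for the page's encryption)."""
    msg = "\x1f".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def fresh(ts, now):
    """Time validity: timestamp within the threshold of the current time."""
    return abs(now - ts) <= MAX_SKEW


def terminal_request(id_c, ts, k1, k2):
    """Data service terminal: permit under K1, whole request under K2."""
    permit = tag(k1, id_c, ts)
    return {"id_c": id_c, "ts": ts, "permit": permit,
            "mac": tag(k2, id_c, ts, permit)}


def storage_verify(req, k2, now):
    """Data storage server: identity check, then time check."""
    expected = tag(k2, req["id_c"], req["ts"], req["permit"])
    if not hmac.compare_digest(expected, req["mac"]):
        return "identity invalid"
    if not fresh(req["ts"], now):
        return "time invalid"
    return "ok"


def storage_coop_request(req, id_s, ts2, k3):
    """Data storage server: forward the permit to the key server under K3."""
    fields = (id_s, ts2, req["id_c"], req["ts"], req["permit"])
    return {"id_s": id_s, "ts2": ts2, "id_c": req["id_c"], "ts": req["ts"],
            "permit": req["permit"], "mac": tag(k3, *fields)}


def key_server_verify(coop, k1_table, k3, now):
    """Key server: check the storage server's request, then the terminal's permit."""
    fields = (coop["id_s"], coop["ts2"], coop["id_c"], coop["ts"], coop["permit"])
    if not hmac.compare_digest(tag(k3, *fields), coop["mac"]):
        return "request invalid"
    if not fresh(coop["ts2"], now):
        return "request expired"
    k1 = k1_table.get(coop["id_c"])
    if k1 is None:
        return "not permitted"
    if not hmac.compare_digest(tag(k1, coop["id_c"], coop["ts"]), coop["permit"]):
        return "not permitted"
    # Assumption: the permit's own timestamp is checked too, so an old permit
    # kept by the storage server stops working after the threshold.
    if not fresh(coop["ts"], now):
        return "not permitted"
    return "ok"


def handle(req, k2, k3, k1_table, now, id_s="storage-1"):
    """Full path: the algorithm is obfuscated only if both checks pass."""
    result = storage_verify(req, k2, now)
    if result != "ok":
        return result
    coop = storage_coop_request(req, id_s, now, k3)
    return key_server_verify(coop, k1_table, k3, now)


if __name__ == "__main__":
    # Constructed sample keys and identities.
    K1, K2, K3 = b"k1-terminal-keyserver", b"k2-terminal-storage", b"k3-storage-keyserver"
    table = {"terminal-42": K1}
    good = terminal_request("terminal-42", 1000, K1, K2)
    print(handle(good, K2, K3, table, now=1010))
    print(handle(good, K2, K3, table, now=1100))
    forged = terminal_request("terminal-42", 1000, K2, K2)  # built without K1
    print(handle(forged, K2, K3, table, now=1010))
```

The third case is the one the permission mechanism exists for: a request assembled with only the storage server's keys passes the local check but is refused by the key server, so no collaborative calculation starts.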

In order to further improve the security of the key, the key management method according to the embodiment of the present invention further includes:

and, upon determining that processing of the data service request is finished, destroying the key corresponding to the data service request.

Here, after the data storage server obtains the key corresponding to the data service request through the collaborative calculation with the key server, the data storage server processes the data service request. For example, if the data service request is a data access request, the data to be accessed is decrypted based on the key and the decrypted data is sent to the data service terminal; if the data service request is a data storage request, the data to be stored is encrypted based on the key and the encrypted data is stored. When the data storage server determines that the data service request has been processed, it destroys the key corresponding to the data service request. The key corresponding to the data service request is thus generated by collaborative calculation, exists only in memory, and is never persisted to the disk file system, thereby ensuring the security of the key.

An embodiment of the present invention further provides a key management method, which is applied to a key server, and as shown in fig. 3, the method includes:

Step 301, receiving a second key generation algorithm sent by a data storage server;

Here, the second key generation algorithm is generated by the data storage server by obfuscating the first key generation algorithm. For the process by which the data storage server obfuscates the first key generation algorithm to generate the second key generation algorithm, refer to the description of step 201, which is not repeated here.

Step 302, performing collaborative computation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server.

In the embodiment of the invention, when the data storage server and the key server collaboratively compute the key, the data storage server first obfuscates the first key generation algorithm and then computes the key together with the key server using the obfuscated second key generation algorithm; the data storage server can recover the correct key from the result of the collaborative computation. In this way, only the data storage server can obtain the correct key, and the key server participating in the computation cannot acquire it, so the security of the key is enhanced.

In some embodiments, the method further comprises:

receiving a key collaborative computing request sent by the data storage server, wherein the key collaborative computing request carries verification information encrypted based on a first shared key, and the first shared key is a shared key between the data service terminal and the key server;

verifying the key collaborative computing request;

and sending a verification result to the data storage server.

In some embodiments, the verifying the key collaborative computing request includes:

verifying whether the key collaborative computing request obtains permission of the data service terminal or not based on the verification information;

if not, determining that the verification is not passed.

Here, the verification information may include the identity of the data service terminal, in which case verifying, based on the verification information, whether the key collaborative computing request has obtained the permission of the data service terminal includes:

and performing identity validity verification based on the identity of the data service terminal.

For example, the key server decrypts the verification information using the first shared key to obtain the identity of the data service terminal contained in it, and compares that identity with the identity of the data service terminal carried in the key collaborative computing request. If the two are consistent, the key server determines that the key collaborative computing request has obtained the permission of the data service terminal; if they are not consistent, it determines that the key collaborative computing request has not obtained the permission of the data service terminal.

In practical application, the verification information may further include a timestamp, and the key server may further perform time validity verification based on the timestamp carried in the verification information. The key server sends a result of passing the verification to the data storage server when both the identity validity verification and the time validity verification based on the verification information pass. If either the identity validity verification or the time validity verification fails, the key server sends a result of failed verification to the data storage server or generates no verification result. The data storage server obfuscates the first key generation algorithm only when it receives a verification result indicating that the verification passed.

In an application example, a data service request carries a message, part of which is encrypted with the first shared key. After receiving the data service request, the data storage server decrypts it using the second shared key and performs identity validity verification and/or time validity verification on it. After determining that the verification passes, the data storage server sends a key collaborative computing request to the key server. For example, the data storage server sends the key server a message carrying $ID_S$ and $T'$, where $T'$ is the timestamp carried by the key collaborative computing request, and the message is encrypted with the third shared key. After receiving the message, the key server decrypts it using the third shared key and performs identity validity verification and/or time validity verification on the key collaborative computing request, so as to verify the validity of the request sent by the data storage server. After this verification passes, the key server may also decrypt the verification information based on the first shared key, so as to verify whether the data service request was initiated by the corresponding data service terminal. If the verification passes, the key server sends a verification result indicating that the verification passed to the data storage server. Based on the verification result sent by the key server, the data storage server obfuscates the first key generation algorithm to start the collaborative computation with the key server that generates the key corresponding to the data service request.
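The permission check described above, written out as an added example (not code from the patent): the terminal's permit is sealed under the first shared key, so the key server can tell a request the terminal approved from one the data storage server assembled on its own. The `seal`/`unseal` stand-in cipher, the JSON field names and the 60-second threshold are assumptions, since the page does not specify the encryption scheme or the message layout.

```python
"""Permission check for a key collaborative computing request (added example)."""
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 60  # seconds; assumed freshness threshold


def seal(key, obj):
    """Stand-in for the page's unspecified encryption: XOF keystream + HMAC tag."""
    nonce = secrets.token_bytes(16)
    plain = json.dumps(obj, sort_keys=True).encode()
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plain))
    body = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return (nonce + tag + body).hex()


def unseal(key, blob):
    """Return the decoded dict, or None if the blob is malformed or forged."""
    try:
        raw = bytes.fromhex(blob)
    except (TypeError, ValueError):
        return None
    nonce, tag, body = raw[:16], raw[16:48], raw[48:]
    want = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    try:
        obj = json.loads(bytes(c ^ s for c, s in zip(body, stream)))
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None


def fresh(ts, now):
    """Time validity: timestamp within MAX_SKEW seconds of the verifier's clock."""
    return isinstance(ts, (int, float)) and abs(now - ts) <= MAX_SKEW


def terminal_request(k_cs, k_ac, id_c, t):
    """Terminal -> storage server: identity, timestamp, permit only A can open."""
    permit = seal(k_ac, {"id": id_c, "t": t})
    return seal(k_cs, {"id": id_c, "t": t, "permit": permit})


def storage_forward(k_cs, k_as, id_s, known_terminals, request, now):
    """Storage server: validate the request, then wrap the permit for A."""
    msg = unseal(k_cs, request)
    if msg is None or msg.get("id") not in known_terminals:
        return None
    if not fresh(msg.get("t"), now):
        return None
    return seal(k_as, {"id_s": id_s, "t": now, "id_c": msg["id"],
                       "permit": msg.get("permit")})


def key_server_verify(k_as, k_ac_by_terminal, id_s_expected, request, now):
    """Key server: pass only if S is authentic and the terminal's permit is valid."""
    outer = unseal(k_as, request)
    if outer is None or outer.get("id_s") != id_s_expected:
        return False
    if not fresh(outer.get("t"), now):
        return False
    id_c = outer.get("id_c")
    k_ac = k_ac_by_terminal.get(id_c) if isinstance(id_c, str) else None
    if k_ac is None:
        return False
    permit = unseal(k_ac, outer.get("permit"))
    # Identity in the permit must match the identity carried in the request.
    return permit is not None and permit.get("id") == id_c and fresh(permit.get("t"), now)
```

A request whose permit was not sealed under the first shared key, or whose permit timestamp is outside the threshold, is rejected even when the outer message from the data storage server is authentic.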

The present invention will be described in further detail with reference to the following application examples.

As shown in fig. 4, in this application embodiment, the key management system includes a data service requester C, a data storage server S and a key server A. The key server A is responsible for computing the key in cooperation with the data storage server S; the data storage server S is responsible for data storage and for responding to data storage requests or data access requests from the data service requester C. Because the data storage server S exposes a data access interface to the outside, it is easy to attack; the key management method of this application embodiment ensures the security of user data even if the data storage server S is attacked (for example, its data is dumped by a hacker).

The following describes a key management method according to the present application embodiment with reference to a query operation (corresponding to a data decryption operation) of a user on data, and as shown in fig. 4, the key management method includes the following steps:

Step 401, the system initializes.

Key server A generates the keys $K_{AC}$, $K_{AS}$ and $K_{CS}$, which serve as the shared keys between the key server A and the data service requester C, between the key server A and the data storage server S, and between the data service requester C and the data storage server S, respectively. Key server A generates the key fragment $K_A$ and the data storage server S generates the key fragment $K_S$; $K_A$ and $K_S$ are used in the collaborative computation of the data encryption key.

Here, the key $K_{AC}$ corresponds to the aforementioned first shared key, the key $K_{CS}$ corresponds to the aforementioned second shared key, and the key $K_{AS}$ corresponds to the third shared key; the key fragment $K_S$ corresponds to the first key fragment, and the key fragment $K_A$ corresponds to the second key fragment described above.

Step 402, C sends a data access request to S, and carries the first message.

Here, the data service requester C initiates a data access request to the data storage server S, where the data access request carries a first message. In the first message, $ID_C$ is the identity of the data service requester C and $T$ is a timestamp; encryption is performed with the keys $K_{CS}$ and $K_{AC}$ respectively, and the part encrypted with $K_{AC}$ is sent to the data storage server S for "permission authentication" to the key server A.

Step 403, S verifies the validity of the message.

After receiving the data access request of the data service requester C, the data storage server S first decrypts the first message using $K_{CS}$, verifies the validity of the identity information, and judges whether the difference between the timestamp and the current time is within a preset threshold; if so, the verification passes.

Step 404, S initiates a key collaborative computing request to A, carrying the second message.

The data storage server S initiates a key collaborative computing request to the key server A, and the request carries a second message, in which $ID_S$ is the identity of the data storage server S and $T'$ is the timestamp carried by the key collaborative computing request. The key collaborative computing request serves to prove to the key server A that it is indeed the data service requester C that is requesting the data, rather than the data storage server S itself wanting to access the data. The content encrypted with $K_{AC}$ is what the data service requester C sent to the data storage server S in step 402 and what the data storage server S recovered through decryption in step 403.

Step 405, A verifies the message validity.

After the key server A receives the key collaborative computing request, it decrypts the request using $K_{AS}$ and verifies the validity of $ID_S$ and $T'$. It then decrypts the verification information using $K_{AC}$ and judges the validity of $ID_C$ and whether the difference between the timestamp and the current time is within the set threshold. If so, the identity of the data storage server S is proved, and it can be confirmed that the data query request was initiated by the data service requester C. The key server A returns a notification of successful verification to the data storage server S.

Step 406, S starts to compute the key in cooperation with A.

Here, the key generation algorithm is $F(x, y)$, which is known only to the data storage server S and is kept secret from the key server A; $x$ and $y$ respectively represent the key fragments local to the key server A and the data storage server S. The data storage server S selects two random numbers $a$ and $b$ as noise to obfuscate the key generation algorithm, obtaining $F'(x, y) = a \cdot F(x, y) + b$. It sends the obfuscated key generation algorithm $F'(x, y)$ to the key server A, runs a two-party secure computation protocol, and computes $F'(K_A, K_S)$ in cooperation with the key server A. The data storage server S then calculates $K = (F'(K_A, K_S) - b)/a$, where $K$ is the encryption and decryption key. In this process, neither the data storage server S nor the key server A can learn the key fragment of the other side, and the key server A cannot learn the final key $K$.

Step 407, S decrypts the data, sends it to C, and destroys the key in the memory after this data service is finished.

And the data storage server S decrypts the data accessed by the data access request by using the key K, sends the decrypted data to the data service requester C, and destroys the key K in the memory after the data service is finished.

It should be noted that the above is the whole flow of the decryption operation, and the encryption operation is similar to the above, and only the decryption operation in step 407 needs to be replaced by the encryption operation on the data, and the encrypted data is stored, which is not described in detail in this embodiment of the present invention.

In the key management method of this application embodiment, the key K is calculated through the key calculation protocol each time it is needed, exists only in memory, is destroyed after use, and must be calculated again for the next use; it can be known only by the initiator of the collaborative computation (namely, the data storage server S), and the other participant cannot learn any information about the key. In addition, neither of the two parties involved in the computation can learn the key fragment of the other party. Furthermore, besides the basic identity authentication protocol, the method of this application embodiment also provides a "permission authentication" mechanism: initiating the key computation requires the permission of the data service requester C, so that even if the data storage server is completely controlled by a hacker, the key cannot be calculated to decrypt the user's encrypted data.
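Step 406 as an added example, not code from the patent: S blinds F with random a and b, A evaluates F' on its fragment, and S removes the noise to recover K. The page names neither F nor the two-party protocol, so the bilinear F over Z_n and the Paillier-based evaluation are assumptions, and the two Mersenne primes are constructed toy parameters.

```python
"""Blinded key derivation F'(x, y) = a*F(x, y) + b (added example)."""
import math
import secrets

# Constructed toy primes (Mersenne); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1


def rand_unit(n):
    """Random element of Z_n that is invertible mod n."""
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            return r


def he_encrypt(n, m):
    """Paillier encryption with g = n + 1; needs only the public modulus."""
    n2 = n * n
    return (1 + (m % n) * n) * pow(rand_unit(n), n, n2) % n2


class StorageServer:
    """S: knows F and K_S, chooses the noise (a, b), recovers K."""

    def __init__(self, coeffs, k_s):
        self.n = P * Q
        self._lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
        self._mu = pow(self._lam, -1, self.n)
        self.coeffs = coeffs  # assumed F(x, y) = c0 + c1*x + c2*y + c3*x*y mod n
        self.k_s = k_s
        self._noise = None

    def _decrypt(self, c):
        u = pow(c, self._lam, self.n * self.n)
        return (u - 1) // self.n * self._mu % self.n

    def obfuscate(self):
        """Build F' = a*F + b and the message for A: F' plus Enc(K_S)."""
        a, b = rand_unit(self.n), secrets.randbelow(self.n)
        self._noise = (a, b)
        c0, c1, c2, c3 = self.coeffs
        f_prime = tuple(v % self.n for v in (a * c0 + b, a * c1, a * c2, a * c3))
        return {"n": self.n, "f_prime": f_prime,
                "enc_y": he_encrypt(self.n, self.k_s)}

    def deobfuscate(self, enc_result):
        """K = (F'(K_A, K_S) - b) / a, with division as a modular inverse."""
        if self._noise is None:
            raise RuntimeError("noise is single-use; call obfuscate() first")
        (a, b), self._noise = self._noise, None
        return (self._decrypt(enc_result) - b) * pow(a, -1, self.n) % self.n


class KeyServer:
    """A: knows only K_A; sees F' and Enc(K_S), never K_S or K."""

    def __init__(self, k_a):
        self.k_a = k_a

    def evaluate(self, msg):
        n, (d0, d1, d2, d3) = msg["n"], msg["f_prime"]
        u = (d0 + d1 * self.k_a) % n  # part of F'(K_A, y) without y
        v = (d2 + d3 * self.k_a) % n  # coefficient of y in F'(K_A, y)
        # Enc(u) * Enc(y)^v = Enc(u + v*y) = Enc(F'(K_A, K_S))
        return he_encrypt(n, u) * pow(msg["enc_y"], v, n * n) % (n * n)


def derive_key(storage, key_server):
    """One request: obfuscate on S, evaluate on A, de-obfuscate on S."""
    return storage.deobfuscate(key_server.evaluate(storage.obfuscate()))


def plain_f(coeffs, x, y, n):
    """Reference value of F(x, y), used only to check the round trip."""
    c0, c1, c2, c3 = coeffs
    return (c0 + c1 * x + c2 * y + c3 * x * y) % n


if __name__ == "__main__":
    s = StorageServer((11, 7, 5, 3), k_s=0x1234567890ABCDEF)  # constructed values
    a = KeyServer(k_a=0x0FEDCBA987654321)
    print(derive_key(s, a) == plain_f(s.coeffs, a.k_a, s.k_s, s.n))
```

Every request sends a different F' and ciphertext yet unblinds to the same K. The bilinear F assumed here can be solved for x, so whether S stays ignorant of $K_A$ depends on the real F and protocol, which the page leaves unspecified.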

In order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a key management apparatus, which is applied to a data storage server, where the key management apparatus corresponds to the key management method on the data storage server side, and each step in the key management method embodiment is also completely applicable to the key management apparatus embodiment.

As shown in fig. 5, the key management device 500 includes: an algorithm obfuscation module 501, a sending module 502 and a key generation module 503. The algorithm obfuscation module 501 is configured to obfuscate the first key generation algorithm based on a data service request sent by the data service terminal, to obtain an obfuscated second key generation algorithm; the sending module 502 is configured to send the second key generation algorithm to a key server; the key generation module 503 is configured to perform collaborative computation with the key server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server, and to perform anti-confusion on the result of the collaborative computation to obtain the key corresponding to the data service request.

In some embodiments, the algorithm obfuscation module 501 is specifically configured to:

verifying a data service request sent by a data service terminal;

and determining that the verification is passed, and obfuscating the first key generation algorithm.

In some embodiments, the algorithm obfuscation module 501 validates a data service request sent by a data service terminal, including at least one of:

performing identity validity verification based on the identity carried in the data service request;

and performing time validity verification based on the timestamp carried in the data service request.

In some embodiments, the data service request carries verification information encrypted based on a first shared key, where the first shared key is a shared key between the data service terminal and the key server, and the sending module 502 is further configured to send a key collaborative computing request to the key server, where the key collaborative computing request carries the verification information; the key management device 500 further includes a receiving module 504, which receives the verification result of the verification performed by the key server based on the key collaborative computing request; the algorithm obfuscation module 501 is specifically configured to: determine that the verification result from the key server indicates that the verification passed, and obfuscate the first key generation algorithm.

In some embodiments, the algorithm obfuscation module 501 obfuscates the first key generation algorithm, including:

encoding the first key generation algorithm based on a random number to generate the second key generation algorithm;

the key generation module 503 performs anti-confusion on the calculation result of the collaborative calculation, including:

and decoding the calculation result of the cooperative calculation based on the random number to generate a key corresponding to the data service request.

In some embodiments, the key management apparatus 500 further includes a processing module 505, configured to determine that the data service request processing is finished, and destroy the key corresponding to the data service request.

In practical applications, the algorithm obfuscating module 501, the sending module 502, the key generating module 503, the receiving module 504, and the processing module 505 may be implemented by a processor in the key management device. Of course, the processor needs to run a computer program in memory to implement its functions.

In order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a key management apparatus, which is applied to a key server, where the key management apparatus corresponds to the key management method on the key server side, and each step in the key management method embodiment is also completely applicable to the embodiment of the key management apparatus.

As shown in fig. 6, the key management apparatus 600 includes: a receiving module 601 and a coordination module 602; the receiving module 601 is configured to receive a second key generation algorithm sent by the data storage server; the coordination module 602 is configured to perform collaborative computation with the data storage server based on the second key generation algorithm, the first key fragment stored by the data storage server, and the second key fragment stored by the key server. The second key generation algorithm is generated by the data storage server after obfuscating the first key generation algorithm.

In some embodiments, the receiving module 601 is further configured to receive a key collaborative computing request sent by the data storage server, where the key collaborative computing request carries verification information encrypted based on a first shared key, and the first shared key is a shared key between the data service terminal and the key server; the key management device 600 further includes: a verification module 603 and a sending module 604, wherein the verification module 603 is configured to verify the key collaborative computing request; the sending module 604 is configured to send the verification result to the data storage server.

In some embodiments, the verification module 603 is specifically configured to:

verifying whether the key collaborative computing request obtains permission of the data service terminal or not based on the verification information;

if not, determining that the verification is not passed.

In actual application, the receiving module 601, the coordinating module 602, the verifying module 603, and the sending module 604 may be implemented by a processor in the key management device. Of course, the processor needs to run a computer program in memory to implement its functions.

It should be noted that: in the key management device provided in the above embodiment, when performing key management, only the division of each program module is illustrated, and in practical applications, the above processing distribution may be completed by different program modules according to needs, that is, the internal structure of the device may be divided into different program modules to complete all or part of the above-described processing. In addition, the key management apparatus and the key management method provided in the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments and are not described herein again.

Based on the hardware implementation of the program module, and in order to implement the method of the embodiment of the present invention, the embodiment of the present invention further provides a data storage server. Fig. 7 shows only an exemplary structure of the data storage server, not the entire structure, and a part or the entire structure shown in fig. 7 may be implemented as necessary.

As shown in fig. 7, a data storage server 700 provided by an embodiment of the present invention includes: at least one processor 701, memory 702, user interface 703, and at least one network interface 704. The various components in data storage server 700 are coupled together by a bus system 705. It will be appreciated that the bus system 705 is used to enable communications among the components. The bus system 705 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various busses are labeled in figure 7 as the bus system 705.

The user interface 703 may include, among other things, a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, or a touch screen.

The memory 702 in embodiments of the present invention is used to store various types of data to support the operation of a data storage server. Examples of such data include: any computer program for operating on a data storage server.

The key management method disclosed by the embodiment of the invention can be applied to the processor 701 or implemented by the processor 701. The processor 701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the key management method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 701. The Processor 701 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 702, and the processor 701 may read information in the memory 702 to implement the steps of the key management method provided by the embodiment of the present invention in combination with hardware thereof.

In an exemplary embodiment, the data storage server may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), FPGAs, general purpose processors, controllers, Micro Controller Units (MCUs), microprocessors, or other electronic components for performing the aforementioned methods.

Based on the hardware implementation of the program module, and in order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a key server. Fig. 8 shows only an exemplary structure of the key server, not the entire structure, and a part or the entire structure shown in fig. 8 may be implemented as necessary.

As shown in fig. 8, a key server 800 provided by an embodiment of the present invention includes: at least one processor 801, memory 802, a user interface 803, and at least one network interface 804. The various components in key server 800 are coupled together by a bus system 805. It will be appreciated that the bus system 805 is used to enable communications among the components of the connection. The bus system 805 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 805 in fig. 8.

The user interface 803 may include, among other things, a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, or a touch screen.

The memory 802 in embodiments of the present invention is used to store various types of data to support the operation of the key server. Examples of such data include: any computer program for operating on a key server.

The key management method disclosed by the embodiment of the invention can be applied to the processor 801 or implemented by the processor 801. The processor 801 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the key management method may be performed by instructions in the form of hardware integrated logic circuits or software in the processor 801. The Processor 801 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Processor 801 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 802, and the processor 801 reads the information in the memory 802, and performs the steps of the key management method provided by the embodiments of the present invention in combination with the hardware thereof.

In an exemplary embodiment, the key server 800 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general-purpose processors, controllers, MCUs, microprocessors, or other electronic components for performing the aforementioned methods.

It will be appreciated that the memories 702, 802 can be either volatile or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memory described in embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.

An embodiment of the present invention further provides a key management system, as shown in fig. 9, the key management system includes the data storage server 700 and the key server 800 of the foregoing embodiments. The key management method of the key management system can refer to the foregoing embodiments, and is not described herein again.

In an exemplary embodiment, the embodiment of the present invention further provides a storage medium, that is, a computer storage medium, which may specifically be a computer-readable storage medium, for example, including a memory 702 storing a computer program, where the computer program is executable by the processor 701 of the data storage server 700 to perform the steps of the method on the data storage server 700 side according to the embodiment of the present invention; as another example, including a memory 802 storing a computer program that is executable by the processor 801 of the key server 800 to perform the steps of the method on the key server 800 side according to the embodiment of the present invention. The computer-readable storage medium may be a ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disc, or CD-ROM, among others.

It should be noted that: "first," "second," and the like are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

In addition, the technical solutions described in the embodiments of the present invention may be arbitrarily combined without conflict.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
