CN112215591B - Distributed encryption management method, device and system for encrypted money bags - Google Patents
Distributed encryption management method, device and system for encrypted money bags Download PDFInfo
- Publication number
- CN112215591B CN112215591B CN202011209121.9A CN202011209121A CN112215591B CN 112215591 B CN112215591 B CN 112215591B CN 202011209121 A CN202011209121 A CN 202011209121A CN 112215591 B CN112215591 B CN 112215591B
- Authority
- CN
- China
- Prior art keywords
- user
- private key
- wallet
- kms
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title claims abstract description 33
- 238000000034 method Methods 0.000 claims abstract description 17
- 238000012545 processing Methods 0.000 claims description 17
- 230000001360 synchronised effect Effects 0.000 claims description 8
- 238000009877 rendering Methods 0.000 claims 1
- 238000013459 approach Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a distributed encryption management method, a device and a system for an encryption money purse, wherein the method comprises the following steps: any KMS node obtains the private key of the user's cryptocurrency wallet and synchronizes the private key of the user's cryptocurrency wallet to at least one other KMS node; any KMS node receives the user's cryptocurrency wallet transaction signature request, inquires whether the private key of the user's cryptocurrency wallet is stored, and when the private key of the user's cryptocurrency wallet is stored, processes the cryptocurrency wallet transaction signature request by using the private key. The invention improves the user experience by using the KMS node distribution setting mode, and solves the trust problem between the user and the service provider by adding measures such as hardware components and the like on the basis of the traditional cloud KMS.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a distributed encryption management method, device and system for an encryption money purse.
Background
Cryptocurrency (cryptocurrency) refers to a digital currency system based on cryptography, and is widely used in a decentralised environment. A typical cryptocurrency creates a pair of keys for a wallet account, the public part being called the public key, i.e. the transfer address of the cryptocurrency, and the non-public part being called the private key, only the private key being able to effect claims of ownership of the cryptocurrency, thereby effecting control of the cryptocurrency. It follows that the private key is the most critical part of the whole cryptocurrency system, and the loss of the private key can lead to illegal control of the cryptocurrency in the wallet, or the owner loses control of the cryptocurrency wallet and can never recover. Such events are endless.
The current method for keeping account private keys in the cryptocurrency wallet is roughly three kinds, and the three kinds of methods have problems and disadvantages of different degrees.
1. Software preservation
This approach is the most common approach and the simplest approach. The main idea is that the private key is encrypted and then stored in a magnetic disk (or other fixed storage media), and the private key can be unlocked only by setting a password (or other similar authentication means) by a user. The security of this way is poor, and an attacker can directly attack from the software itself to steal the private key.
2. Hardware wallet
The private key is stored in the external storage device by using the external HSM device, and the private key is used by connecting with a PC or other mobile devices when the private key is needed. This approach is very secure, but the problem is that the external device is easily lost, and once the device is lost, the user loses control of the cryptocurrency in the wallet, resulting in economic loss.
3. Cloud KMS (Key Management System) system
The cloud KMS is an on-cloud KMS system proposed by public cloud manufacturers and used for keeping a key of a user, and the general KMS system can provide a remotely called cryptographic function, for example, after data to be processed is sent to the cloud KMS, the cloud KMS uses a related key to process, and finally the processed data is returned. The method has the defects that the trust problem exists between the user and the cloud manufacturer, the cloud KMS is single in distribution, and good user connection experience cannot be achieved.
Disclosure of Invention
In order to solve the technical problems, the invention provides a distributed encryption management method, device and system for an encrypted money purse.
The invention provides a distributed encryption management method for an encrypted money wallet, which comprises the following steps:
any KMS node obtains the private key of the user's cryptocurrency wallet and synchronizes the private key of the user's cryptocurrency wallet to at least one other KMS node;
any KMS node receives the user's cryptocurrency wallet transaction signature request, inquires whether the private key of the user's cryptocurrency wallet is stored, and when the private key of the user's cryptocurrency wallet is stored, processes the cryptocurrency wallet transaction signature request by using the private key.
The distributed encryption management method for the encrypted money wallet has the following characteristics:
the KMS node uses hardware security techniques to disable the service provider from reading the private key of the user's crypto-wallet.
The distributed encryption management method for the encrypted money wallet has the following characteristics:
the KMS node obtaining a private key of the user's crypto-wallet includes one of:
firstly, receiving a private key of an encrypted money wallet of the user from a terminal to which the user belongs;
and secondly, creating a private key of the cryptocurrency wallet for the user.
The distributed encryption management method for the encrypted money wallet has the following characteristics:
after the KMS node receives the encrypted money wallet transaction request of the user, the method further includes: after inquiring the private key of the user's cryptocurrency wallet, inquiring the private key of the user's cryptocurrency wallet from other KMS nodes, and processing the cryptocurrency wallet transaction request by using the inquired private key.
The distributed encryption management method for the encrypted money wallet has the following characteristics:
synchronizing the private key of the user's crypto-wallet to at least one other KMS node includes one of:
synchronization method one, the private key of the user's cryptocurrency wallet is synchronized to all other
KMS nodes;
a second synchronization mode is used for determining a geographical area to which a KMS node receiving the private key of the user's encrypted money wallet belongs, and synchronizing the private key of the user's encrypted money wallet to KMS nodes in other geographical areas with the distance from the geographical area smaller than a preset distance;
and in a third synchronization mode, determining the level of the KMS node which receives the private key of the user's cryptocurrency wallet, and synchronizing the private key of the user's cryptocurrency wallet with the KMS node which is the same as the level.
The distributed encryption management method for the encrypted money wallet has the following characteristics:
the step of querying the private key of the user's crypto-wallet from the other KMS nodes when synchronizing the private key of the user's crypto-wallet to at least one other KMS node in the synchronization manner includes: querying any other node for a private key of the user's cryptocurrency wallet;
when the second synchronization mode is adopted when the private key of the user's crypto-wallet is synchronized to at least one other KMS node, the querying of the private key of the user's crypto-wallet from the other KMS node includes: querying at least one of the other nodes of the adjacent geographic area for a private key of the user's cryptocurrency wallet;
when the synchronization mode III is adopted when the private key of the user's crypto-wallet is synchronized to at least one other KMS node, the inquiry of the private key of the user's crypto-wallet from the other KMS node comprises: at least one of the KMS nodes of the same level is queried for the private key of the user's crypto-wallet.
The invention provides a distributed encryption management device for an encryption currency wallet, which is applied to a KMS node and comprises the following components:
the acquisition module is used for acquiring the private key of the user's encrypted money wallet;
the synchronization module is used for synchronizing the private key of the user's encrypted money wallet to at least one other KMS node;
the receiving module is used for receiving the encrypted money wallet transaction signature request of the user;
the inquiry module is used for inquiring whether the private key of the encrypted money wallet of the user is stored or not;
and the processing module is used for processing the encrypted money wallet transaction signature request by using the private key after the inquiring module inquires the private key of the encrypted money wallet stored with the user.
The distributed encryption management device for the encrypted money wallet has the following characteristics:
a security module is also included for disabling the service provider from reading the private key of the user's cryptocurrency wallet using hardware security techniques.
The distributed encryption management device for the encrypted money wallet has the following characteristics:
the obtaining module is further configured to obtain a private key of the user's cryptocurrency wallet using one of the following means:
firstly, receiving a private key of an encrypted money wallet of the user from a terminal to which the user belongs;
and secondly, creating a private key of the cryptocurrency wallet for the user.
The distributed encryption management device for the encrypted money wallet has the following characteristics:
and the processing module is further used for inquiring the private key of the user's cryptocurrency wallet from other KMS nodes after the inquiring module inquires the private key of the cryptocurrency wallet stored with the user, and processing the cryptocurrency wallet transaction request by using the inquired private key.
The distributed encryption management device for the encrypted money wallet has the following characteristics:
the synchronization module synchronizes the private key of the user's cryptocurrency wallet to at least one other KMS node using one of the following:
the first synchronization mode is to synchronize the private key of the user's cryptocurrency wallet to all other KMS nodes;
a second synchronization mode is used for determining a geographical area to which a KMS node receiving the private key of the user's encrypted money wallet belongs, and synchronizing the private key of the user's encrypted money wallet to KMS nodes in other geographical areas with the distance from the geographical area smaller than a preset distance;
a third synchronization mode, which is to determine the level of a KMS node which receives the private key of the user's cryptocurrency wallet, and synchronize the private key of the user's cryptocurrency wallet to the KMS node which is the same as the level;
the processing module is further used for inquiring the private key of the user's encrypted money wallet to any other node when the synchronization module uses the synchronization mode; querying at least one of the other nodes of the adjacent geographical area for a private key of the user's cryptocurrency wallet when the synchronization module uses synchronization mode two; and when the synchronization module uses the synchronization mode III, at least one of the KMS nodes at the same level is queried for the private key of the user's cryptocurrency wallet.
The distributed encryption management system for the encrypted money wallet provided by the invention comprises a plurality of KMS nodes, wherein each KMS node comprises the device.
The invention provides a distributed cloud KMS, which improves the user experience by using a KMS node distribution setting mode, and solves the trust problem between the user and a service provider by adding measures such as hardware components on the basis of the traditional cloud KMS.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
FIG. 1 is a block diagram of a distributed KMS node system in an embodiment;
FIG. 2 is a flow diagram of a distributed encryption management method for an encrypted money purse in an embodiment;
fig. 3 is a block diagram of a distributed encryption management apparatus for an encrypted money purse in the embodiment.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be arbitrarily combined with each other.
As shown in fig. 1, a plurality of KMS nodes are provided in the present invention to form a distributed KMS node system, and the KMS nodes communicate with various types of terminals.
As shown in fig. 2, the distributed encryption management method for the encrypted money wallet includes:
step 201, the KMS node obtains a private key of the user's crypto-wallet, and synchronizes the private key of the user's crypto-wallet to at least one other KMS node;
in step 202, the kms node receives a user's cryptocurrency wallet transaction signature request, queries whether a private key of the user's cryptocurrency wallet is stored, and processes the cryptocurrency wallet transaction signature request using the private key when the private key of the user's cryptocurrency wallet is stored.
In the method, a KMS node uses a hardware security technology to enable a service provider to be incapable of reading a private key of an encrypted money wallet of a user, and specifically, the KMS is built by adopting an SGX technology based on Intel. The terminal to which the cryptocurrency wallet belongs communicates with the KMS node by using an international standard key management interoperability protocol (Key Management Interoperability Protocol, KMIP for short) protocol, and the KMIP protocol can greatly reduce the problem of universality of the cryptocurrency wallet.
In step 101, the KMS node obtaining a private key of a user's crypto-wallet includes one of the following ways:
in the first mode, a private key of an encrypted money wallet of a user is received from a terminal to which the user belongs; for example, a user generates a public key private key pair in a mobile terminal (PC, mobile phone, tablet, etc.) using a cryptocurrency wallet, and the user sends the generated private key to a cloud KMS node through a KMIP protocol using a "remote upload private key" function in the own local cryptocurrency wallet.
In a second way, a private key of the cryptocurrency wallet is created for the user. For example, the mobile terminal connects to the KMS node for authentication related to the crypto wallet, the mobile terminal initiates a request to create a private key and a public key for a user's crypto wallet, the KMS node generates (e.g., using elliptic curve arithmetic) the public key and the private key for the user's crypto wallet, and sends the public key to the mobile terminal. This way, the problem that the security intensity of the secret key generated by the user locally by using the cryptocurrency wallet is insufficient in the first way, so that the secret key itself has a weak point can be prevented.
In step 102, after receiving the encrypted money wallet transaction request of the user, the KMS node further includes: after inquiring the private key of the user's cryptocurrency wallet, inquiring the private key of the user's cryptocurrency wallet from other KMS nodes, and processing the cryptocurrency wallet transaction request by using the inquired private key.
Synchronizing the private key of the user's crypto-wallet to at least one other KMS node in step 101 includes one of the following:
the first synchronization mode is to synchronize the private key of the user's encrypted money wallet to all other KMS nodes;
a second synchronization mode is that a geographical area where a KMS node receiving a private key of a user's encrypted money wallet belongs is determined, and the private key of the user's encrypted money wallet is synchronized to KMS nodes in other geographical areas with a distance smaller than a preset distance from the geographical area;
and in a third synchronization mode, determining the level of the KMS node which receives the private key of the user's cryptocurrency wallet, and synchronizing the private key of the user's cryptocurrency wallet with the KMS node which is the same as the level.
And when the key synchronization is carried out among the KMS nodes, a secure channel is adopted for synchronization.
In particular, the method comprises the steps of,
synchronizing the private key of the user's crypto-wallet to at least one other KMS node in a synchronized manner, querying the private key of the user's crypto-wallet from the other KMS node includes: querying any other node for a private key of the user's cryptocurrency wallet;
when a second synchronization mode is adopted when the private key of the user's crypto-wallet is synchronized to at least one other KMS node, querying the private key of the user's crypto-wallet from the other KMS node comprises: querying at least one of the nodes of the adjacent geographic area for a private key of the user's cryptocurrency wallet;
when synchronizing the private key of the user's crypto-wallet to at least one other KMS node in a third synchronization mode, querying the private key of the user's crypto-wallet from the other KMS node comprises: at least one of the other nodes of the same level is queried for the private key of the user's cryptocurrency wallet.
As shown in fig. 2, the distributed encryption management device for the cryptocurrency wallet is applied to a KMS node, and includes:
the acquisition module is used for acquiring the private key of the user's encrypted money wallet;
the synchronization module is used for synchronizing the private key of the user's encrypted money wallet to at least one other KMS node;
the receiving module is used for receiving the encrypted money wallet transaction signature request of the user;
the inquiry module is used for inquiring whether the private key of the encrypted money wallet of the user is stored or not;
and the processing module is used for processing the encrypted money wallet transaction signature request by using the private key after the inquiring module inquires the private key of the encrypted money wallet stored with the user.
The apparatus further comprises a security module for disabling the service provider from reading the private key of the user's cryptocurrency wallet using hardware security techniques.
The obtaining module further configured to obtain a private key of the user's cryptocurrency wallet using one of the following means includes:
firstly, receiving a private key of an encrypted money wallet of the user from a terminal to which the user belongs;
and secondly, creating a private key of the cryptocurrency wallet for the user.
And the processing module is also used for inquiring the private key of the user's cryptocurrency wallet from other KMS nodes after the inquiring module inquires the private key of the cryptocurrency wallet stored with the user, and processing the cryptocurrency wallet transaction request by using the inquired private key.
The synchronization module synchronizes the private key of the user's cryptocurrency wallet to at least one other KMS node using one of the following:
the first synchronization mode is to synchronize the private key of the user's cryptocurrency wallet to all other KMS nodes;
a second synchronization mode is used for determining a geographical area to which a KMS node receiving the private key of the user's encrypted money wallet belongs, and synchronizing the private key of the user's encrypted money wallet to KMS nodes in other geographical areas with the distance from the geographical area smaller than a preset distance;
a third synchronization mode, which is to determine the level of a KMS node which receives the private key of the user's cryptocurrency wallet, and synchronize the private key of the user's cryptocurrency wallet to the KMS node which is the same as the level;
the processing module is also used for inquiring the private key of the user's encrypted money wallet to any other node when the synchronization module uses the synchronization mode; querying at least one of the other nodes of the adjacent geographical area for a private key of the user's cryptocurrency wallet when the synchronization module uses synchronization mode two; and when the synchronization module uses the synchronization mode III, at least one of the KMS nodes at the same level is queried for the private key of the user's cryptocurrency wallet.
The distributed encryption management system for the cryptocurrency purse comprises a plurality of KMS nodes, wherein each KMS node comprises the device.
The following is a detailed description of specific examples.
Detailed description of the preferred embodiments
The system comprises 100 KMS nodes.
The user A uses the encryption wallet C to generate a public key private key pair at the mobile terminal B, and the user uses the remote uploading private key function in the local encryption wallet C to send the generated private key to the first KMS node where the mobile terminal B is currently located through a KMIP protocol. The KMS node knows the private key of user a. Or the mobile terminal B is connected with the first KMS node to perform related authentication with the cryptocurrency wallet C, the mobile terminal B initiates a request for creating a private key and a public key for the cryptocurrency wallet C of the user A, the first KMS node generates the public key and the private key of the cryptocurrency wallet C for the user A by adopting an elliptic curve algorithm, and sends the public key to the mobile terminal B to save the private key of the user A.
The first KMS node synchronizes the private key of the crypto wallet C of user a to the other 99 KMS nodes.
The mobile terminal B moves to the coverage of the second KMS node.
The user A operates the cryptocurrency wallet C on the mobile terminal B, payment is required to be carried out on the merchant D, the cryptocurrency wallet C software on the mobile terminal B collects user authentication information (such as passwords, fingerprints and the like), a request for signing by using a private key is sent to the second KMS node, the request carries the user authentication information, the second KMS node inquires the specific operation required to be carried out by the cryptocurrency wallet C after verifying the user authentication information successfully, the mobile terminal B sends the encrypted currency transaction data of the cryptocurrency wallet C to the second KMS node and requests to sign the currency data by using the private key, and the second KMS node returns a signature value to the mobile terminal B after signing the transaction data by using the private key after inquiring the private key of the cryptocurrency wallet C of the user A.
Second embodiment
The system comprises 100 KMS nodes. The number of the KMS nodes with the highest level is 10, and the KMS nodes comprise a first KMS node and a second KMS node.
The user A uses the encryption wallet C to generate a public key private key pair at the mobile terminal B, and the user uses the remote uploading private key function in the local encryption wallet C to send the generated private key to the first KMS node where the mobile terminal B is currently located through a KMIP protocol. The KMS node knows the private key of user a. Or the mobile terminal B is connected with the first KMS node to perform related authentication with the cryptocurrency wallet C, the mobile terminal B initiates a request for creating a private key and a public key for the cryptocurrency wallet C of the user A, the first KMS node generates the public key and the private key of the cryptocurrency wallet C for the user A by adopting an elliptic curve algorithm, and sends the public key to the mobile terminal B to save the private key of the user A.
The first KMS node synchronizes the private key of the user a's crypto wallet C to the other 9 KMS nodes of the same level.
The mobile terminal B moves to the coverage of the second KMS node.
The user A operates the cryptocurrency wallet C on the mobile terminal B, payment is required to be carried out on the merchant D, the cryptocurrency wallet C software on the mobile terminal B collects user authentication information (such as passwords, fingerprints and the like), a request for signing by using a private key is sent to the second KMS node, the request carries the user authentication information, the second KMS node inquires the specific operation required to be carried out by the cryptocurrency wallet C after verifying the user authentication information successfully, the mobile terminal B sends the encrypted currency transaction data of the cryptocurrency wallet C to the second KMS node and requests to sign the currency data by using the private key, and after inquiring the private key of the cryptocurrency wallet C of the user A by the second KMS node, one of other KMS nodes at the same level inquires the private key of the cryptocurrency wallet C of the user A, and after obtaining the private key, the private key is used for signing the transaction data, a signature value is returned to the mobile terminal B.
The KMS node distribution setting mode is used for improving the use experience of users, and on the basis of a traditional cloud KMS, the trust problem between the users and service providers is solved by adding measures such as hardware components and the like.
The above description may be implemented alone or in various combinations and these modifications are within the scope of the present invention.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the methods described above may be implemented by a program that instructs associated hardware, and the program may be stored on a computer readable storage medium such as a read-only memory, a magnetic or optical disk, etc. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits, and accordingly, each module/unit in the above embodiments may be implemented in hardware or may be implemented in a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional identical elements in an article or apparatus that comprises the element.
The above embodiments are only for illustrating the technical scheme of the present invention, not for limiting the same, and the present invention is described in detail with reference to the preferred embodiments. It will be understood by those skilled in the art that various modifications and equivalent substitutions may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention, and the present invention is intended to be covered by the scope of the appended claims.
Claims (7)
1. A distributed encryption management method for an encrypted money purse, applied to a KMS node, comprising:
receiving a private key of the user's cryptocurrency wallet uploaded by a terminal to which the user belongs, or creating a private key of the cryptocurrency wallet for the user, and synchronizing the private key of the user's cryptocurrency wallet to at least one other KMS node; the KMS node uses a hardware security technology to enable a service provider to not read a private key of a user's cryptocurrency wallet;
receiving a user's encrypted money wallet transaction signature request, inquiring whether a private key of the user's encrypted money wallet is stored, and when the private key of the user's encrypted money wallet is stored, processing the encrypted money wallet transaction signature request by using the private key of the user's encrypted money wallet stored in a KMS node; when the private key of the user's crypto-wallet is not saved locally, the private key of the user's crypto-wallet is obtained from the other KMS node and the crypto-wallet transaction signature request is processed using the private key.
2. A distributed encryption management method for a cryptocurrency wallet as set forth in claim 1, wherein,
synchronizing the private key of the user's crypto-wallet to at least one other KMS node includes one of:
the first synchronization mode is to synchronize the private key of the user's cryptocurrency wallet to all other KMS nodes;
a second synchronization mode is used for determining a geographical area to which a KMS node receiving the private key of the user's encrypted money wallet belongs, and synchronizing the private key of the user's encrypted money wallet to KMS nodes in other geographical areas with the distance from the geographical area smaller than a preset distance;
and in a third synchronization mode, determining the level of the KMS node which receives the private key of the user's cryptocurrency wallet, and synchronizing the private key of the user's cryptocurrency wallet with the KMS node which is the same as the level.
3. A distributed encryption management method for a cryptocurrency wallet as set forth in claim 2, wherein,
synchronizing the private key of the user's crypto-wallet to at least one other KMS node in the synchronization manner, the obtaining the private key of the user's crypto-wallet from the other KMS node comprises: obtaining a private key of the user's cryptocurrency wallet from any other node;
when the second synchronization mode is adopted when the private key of the user's crypto-wallet is synchronized to at least one other KMS node, the step of obtaining the private key of the user's crypto-wallet from the other KMS node includes: obtaining a private key of the user's cryptocurrency wallet from at least one of the other nodes of the neighboring geographic area;
when the synchronization mode III is adopted when the private key of the user's crypto-wallet is synchronized to at least one other KMS node, the step of obtaining the private key of the user's crypto-wallet from the other KMS node comprises the following steps: a private key of the user's crypto-wallet is obtained from at least one of the same level KMS nodes.
4. A distributed encryption management device for a cryptocurrency wallet, applied to a KMS node, comprising:
the receiving module is used for receiving the encrypted money wallet transaction signature request of the user;
the inquiry module is used for inquiring whether the private key of the encrypted money wallet of the user is stored or not;
the processing module is used for processing the encrypted money wallet transaction signature request by using the private key after the inquiring module inquires the private key of the encrypted money wallet stored with the user; when the private key of the user's cryptocurrency wallet is not stored locally, acquiring the private key of the user's cryptocurrency wallet from other KMS nodes, and processing the cryptocurrency wallet transaction signature request by using the private key;
the acquisition module is used for receiving the private key of the user's cryptocurrency wallet uploaded by the terminal to which the user belongs, or creating the private key of the cryptocurrency wallet for the user;
the synchronization module is used for synchronizing the private key of the user's encrypted money wallet to at least one other KMS node;
a security module for rendering the private key of the user's cryptocurrency wallet unreadable by the service provider using hardware security techniques.
5. A distributed encryption management apparatus for a cryptocurrency wallet as set forth in claim 4, wherein,
the synchronization module synchronizes the private key of the user's cryptocurrency wallet to at least one other KMS node using one of the following:
the first synchronization mode is to synchronize the private key of the user's cryptocurrency wallet to all other KMS nodes;
a second synchronization mode is used for determining a geographical area to which a KMS node receiving the private key of the user's encrypted money wallet belongs, and synchronizing the private key of the user's encrypted money wallet to KMS nodes in other geographical areas with the distance from the geographical area smaller than a preset distance;
and in a third synchronization mode, determining the level of the KMS node which receives the private key of the user's cryptocurrency wallet, and synchronizing the private key of the user's cryptocurrency wallet with the KMS node which is the same as the level.
6. A distributed crypto management system for crypto-currency wallets comprising a plurality of KMS nodes, each KMS node comprising the apparatus of any one of claims 4 to 5.
7. A computer readable storage medium, which when executed by a processor of a KMS node, causes the KMS node to perform a distributed encryption management method for a cryptocurrency wallet, the distributed encryption management method for a cryptocurrency wallet comprising:
receiving a private key of the user's cryptocurrency wallet uploaded by a terminal to which the user belongs, or creating a private key of the cryptocurrency wallet for the user, and synchronizing the private key of the user's cryptocurrency wallet to at least one other KMS node; the KMS node uses a hardware security technology to enable a service provider to not read a private key of a user's cryptocurrency wallet;
receiving a user's encrypted money wallet transaction signature request, inquiring whether a private key of the user's encrypted money wallet is stored, and when the private key of the user's encrypted money wallet is stored, processing the encrypted money wallet transaction signature request by using the private key of the user's encrypted money wallet stored in a KMS node; when the private key of the user's crypto-wallet is not saved locally, the private key of the user's crypto-wallet is obtained from the other KMS node and the crypto-wallet transaction signature request is processed using the private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011209121.9A CN112215591B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encrypted money bags |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810885307.2A CN110490561B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encryption currency wallet |
CN202011209121.9A CN112215591B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encrypted money bags |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810885307.2A Division CN110490561B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encryption currency wallet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112215591A CN112215591A (en) | 2021-01-12 |
CN112215591B true CN112215591B (en) | 2024-01-26 |
Family
ID=68545496
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810885307.2A Active CN110490561B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encryption currency wallet |
CN202011209121.9A Active CN112215591B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encrypted money bags |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810885307.2A Active CN110490561B (en) | 2018-08-06 | 2018-08-06 | Distributed encryption management method, device and system for encryption currency wallet |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN110490561B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112330310A (en) * | 2020-11-12 | 2021-02-05 | 武汉天喻信息产业股份有限公司 | Intelligent terminal system and equipment for digital currency transaction |
CN113194069B (en) * | 2021-03-30 | 2022-08-26 | 深圳博瑞天下科技有限公司 | Communication tracing method, communication tracing device and medium based on block chain |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106533661A (en) * | 2016-10-25 | 2017-03-22 | 北京大学 | Online generation method for cryptographic currency address based on combined public key |
CN106779636A (en) * | 2016-11-29 | 2017-05-31 | 北京乐酷达网络科技有限公司 | A kind of block chain digital cash wallet based on earphone interface of mobile phone |
CN107104795A (en) * | 2017-04-25 | 2017-08-29 | 上海汇尔通信息技术有限公司 | Method for implanting, framework and the system of RSA key pair and certificate |
CN108242999A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Key escrow method, equipment and computer readable storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2975570A1 (en) * | 2014-07-17 | 2016-01-20 | draglet GmbH | Method and a device for securing access to wallets containing crypto-currencies |
CN104618120B (en) * | 2015-03-04 | 2018-01-23 | 青岛微智慧信息有限公司 | A kind of mobile terminal key escrow digital signature method |
EP3073670B1 (en) * | 2015-03-27 | 2020-09-02 | Black Gold Coin, Inc. | A system and a method for personal identification and verification |
CN107566117B (en) * | 2017-07-14 | 2019-10-29 | 浙商银行股份有限公司 | A kind of block chain key management system and method |
-
2018
- 2018-08-06 CN CN201810885307.2A patent/CN110490561B/en active Active
- 2018-08-06 CN CN202011209121.9A patent/CN112215591B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106533661A (en) * | 2016-10-25 | 2017-03-22 | 北京大学 | Online generation method for cryptographic currency address based on combined public key |
CN106779636A (en) * | 2016-11-29 | 2017-05-31 | 北京乐酷达网络科技有限公司 | A kind of block chain digital cash wallet based on earphone interface of mobile phone |
CN107104795A (en) * | 2017-04-25 | 2017-08-29 | 上海汇尔通信息技术有限公司 | Method for implanting, framework and the system of RSA key pair and certificate |
CN108242999A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Key escrow method, equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110490561A (en) | 2019-11-22 |
CN110490561B (en) | 2020-09-15 |
CN112215591A (en) | 2021-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108564353B (en) | Payment system and method based on block chain | |
EP3255832B1 (en) | Dynamic encryption method, terminal and server | |
EP3090520B1 (en) | System and method for securing machine-to-machine communications | |
CN110855791B (en) | Block link point deployment method and related equipment | |
US8813243B2 (en) | Reducing a size of a security-related data object stored on a token | |
US20170223016A1 (en) | Service Authorization Using Auxiliary Device | |
US20140298018A1 (en) | Apparatus and methods for distributing and storing electronic access clients | |
US20070283427A1 (en) | Simplified identity management of a common area endpoint | |
US9203610B2 (en) | Systems and methods for secure peer-to-peer communications | |
CN111723385B (en) | Data information processing method, device, electronic equipment and storage medium | |
US9445269B2 (en) | Terminal identity verification and service authentication method, system and terminal | |
CN110599342B (en) | Block chain-based identity information authorization method and device | |
US20180041520A1 (en) | Data access method based on cloud computing platform, and user terminal | |
CN101777978A (en) | Method and system based on wireless terminal for applying digital certificate and wireless terminal | |
US20110162053A1 (en) | Service assisted secret provisioning | |
JP2022518061A (en) | Methods, Computer Program Products, and Equipment for Transferring Ownership of Digital Assets | |
US20150304321A1 (en) | An image management system and an image management method based on fingerprint authentication | |
CN1859097B (en) | Verifying method and system based on general weight discrimination framework | |
CN110266474A (en) | Key sending method, apparatus and system | |
WO2019056971A1 (en) | Authentication method and device | |
US20100262831A1 (en) | Method and Apparatus for Providing Secure Linking to a User Identity in a Digital Rights Management System | |
CN101938742A (en) | Method for reversely cloning subscriber identity module, device and system | |
US20210306135A1 (en) | Electronic device within blockchain based pki domain, electronic device within certification authority based pki domain, and cryptographic communication system including these electronic devices | |
CN112215591B (en) | Distributed encryption management method, device and system for encrypted money bags | |
US20210014682A1 (en) | Methods and systems for securing and utilizing a personal date store on a mobile device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40045324 Country of ref document: HK |
|
GR01 | Patent grant | ||
GR01 | Patent grant |