CN111800267B - Password service supporting system for unified management - Google Patents
- Publication number: CN111800267B (application CN202010663236.9A)
- Authority: CN (China)
- Prior art keywords: key, service, monitoring, subsystem, security
- Legal status: Active (Google's listed status is an assumption, not a legal conclusion)
Classifications (CPC, all under H04L transmission of digital information; H04L9/00 cryptographic mechanisms; H04L63/00 network security architectures and protocols)
- H04L9/12: Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
- H04L63/062: Network security protocols for supporting key management in a packet data network, for key distribution, e.g. centrally by a trusted party
- H04L63/20: Network security protocols for managing network security; network security policies in general
- H04L9/083: Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/088: Usage controlling of secret information, e.g. restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key or password length, or different strong and weak cryptographic algorithms
- H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention provides a centrally managed cryptographic service support system comprising a security service subsystem, a key management subsystem and a monitoring subsystem. The key management subsystem supplies key information to the security service subsystem, and the monitoring subsystem monitors both the security service subsystem and the key management subsystem. The advantages of the invention are that it solves the data security problem of the banking system and provides a guarantee for the overall data security of bank planning and construction.
Description
Technical Field
The invention relates to the technical field of bank data security, in particular to a password service supporting system for unified management.
Background
The current state of data security in Chinese banking systems presents four main problems: (1) business systems are numerous and call encryptors of different types; (2) each system develops its own API, duplicating effort and introducing potential security risks; (3) encryptors are numerous, strongly tied to individual services, and managed in a scattered way; (4) keys are managed separately and in a decentralized manner, with a risk of disclosure.
In order to practically solve the above problems, most banks put forth the following security requirements: (1) The password equipment monitoring requirements comprise multi-application system sharing of the password equipment, hot backup or load balancing of the equipment, centralized and unified management of the equipment, transparent online replacement of the equipment, online equipment addition, deletion, automatic unloading of fault equipment and real-time monitoring of the health state of the equipment; (2) The application development interface requirements comprise unified application layer development interfaces, application systems directly selecting APIs, device independence (key system, instruction format) and key attribute independence; (3) Key centralized management requirements including key centralized management (generation, distribution, use, storage, destruction, etc.), key management method consistency, security (separation of key use and security management), dynamic configuration of key attributes; (4) Support for multi-version keys, including symmetric keys, asymmetric keys.
Disclosure of Invention
The invention aims to provide a unified management password service support system which thoroughly solves the problem of data security of a banking system and provides guarantee for bank planning and overall data security construction.
In order to achieve the above purpose, the present invention is realized by the following technical scheme:
A unified-management cryptographic service support system comprises a security service subsystem, a key management subsystem and a monitoring subsystem; the key management subsystem provides key information to the security service subsystem, and the monitoring subsystem monitors the security service subsystem and the key management subsystem;
The security service subsystem retrieves keys from the key store, supports the connection of multiple types of cipher machines and other security devices, and exposes different security messages to the application systems through the security gateway;
The key management subsystem extracts key-related information from the key file and the management configuration database, supports the connection of a cipher machine, and is linked through a key management Web front end to a key management interface and an operation and maintenance interface; the key management interface is operated by key managers and is connected to a key printing terminal that prints key envelopes through the cipher machine, while the operation and maintenance interface is operated by IT operations staff;
and the monitoring subsystem is operated by IT monitoring staff through a monitoring interface.
Further, the security service subsystem comprises a monitoring service module, a service access module and a security service module, wherein the monitoring service module provides monitoring information of various management and operation states of the key storage center for the monitoring subsystem, the service access module provides a service communication access service function for the service system, and the security service module completes processing of various security services and can be expanded along with the change of service scenes.
Further, the key management subsystem comprises a monitoring service module, a configuration management module, an automatic key updating module, a local key management service module, a remote key updating service module, a key synchronization service module, a key updating module, a key synchronization request module and a key deployment request module, wherein the key synchronization request module comprises a real-time synchronization request module and a delay synchronization request module; the key management subsystem is provided with a key synchronization service channel, a key deployment service channel, a key update service channel and a monitoring service channel, wherein the key synchronization service channel is used for caching key synchronization requests sent by the key management subsystem to other key management centers, the key deployment service channel is used for caching key storage requests sent by the key management subsystem to the key storage center, the key update service channel is used for caching keys to be updated, and the monitoring service channel is used for caching monitoring requests sent by the key management subsystem to the monitoring subsystem.
Further, the monitoring subsystem comprises an encryptor monitoring module, an encryptor monitoring agent module and a monitoring WEB application module; the encryptor monitoring module provides services to the encryptor monitoring agent module and the WEB application module over TCP/IP, and also supports probing the encryptor directly and collecting its real-time operating data without the aid of the encryptor monitoring agent module; the encryptor monitoring agent module is responsible for obtaining the encryptor's monitoring configuration, collecting the encryptor's running-state data in real time according to that configuration, and sending the collected data to the encryptor monitoring system in real time; and the monitoring WEB application module provides the configuration management and real-time data monitoring functions of the monitoring subsystem to users in different roles.
Further, the security service subsystem reserves a classified service extension slot and a service element extension slot respectively.
Further, the key is divided into a device master key, a host key, a transmission key and a working key, each key has a key life cycle including generation, distribution, use, update, storage, recovery and destruction, and the key management subsystem effectively controls each link of the key life cycle.
Further, the monitoring subsystem employs a standard docking interface.
A unified management cipher service supporting method comprises the following steps:
S1) Key Generation
Keys are generated either manually or randomly by the encryption machine;
S2) Key distribution, updating and preservation
The key management subsystem automatically updates keys according to the update policy and synchronizes them to the security service subsystem by key distribution or key synchronization; the security service subsystem distributes the transmission key to the business system; the key stores of the key management subsystem and the security service subsystem retain all keys;
S3) Key usage
All keys are concentrated in the security service subsystem for use, and the security service subsystem provides a security interface API or a security message protocol mode for the service system to call;
S4) Key discarding
A discard operation is employed for keys that are no longer in use.
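The S1 to S4 procedure as a lifecycle state machine, added here as an illustration and not code from the patent: each key version moves only through the permitted states, an age-based update policy (an assumption; the patent does not specify the policy) produces a new version that is synchronized to the security service subsystem's key store, the old version is retained rather than destroyed, and discarded keys can no longer be used. Day numbers stand in for timestamps and the key name is constructed.

```python
"""Key lifecycle for the S1-S4 procedure (added illustration; policy, names and dates are assumed)."""
from dataclasses import dataclass
from enum import Enum
import secrets


class KeyState(Enum):
    GENERATED = "generated"      # S1: produced, not yet handed to the security service subsystem
    DISTRIBUTED = "distributed"  # S2: synchronized into the security service key store
    ACTIVE = "active"            # S3: the version business systems currently use
    STORED = "stored"            # S2: retained after a newer version took over (multi-version)
    DISCARDED = "discarded"      # S4: no longer usable


# Permitted transitions; anything else is a lifecycle violation and is rejected.
ALLOWED = {
    KeyState.GENERATED: {KeyState.DISTRIBUTED},
    KeyState.DISTRIBUTED: {KeyState.ACTIVE},
    KeyState.ACTIVE: {KeyState.STORED, KeyState.DISCARDED},
    KeyState.STORED: {KeyState.DISCARDED},
    KeyState.DISCARDED: set(),
}


@dataclass
class KeyVersion:
    name: str
    version: int
    ktype: str        # device master / host / transmission / working key
    material: bytes
    created: int      # day number (stands in for a timestamp)
    state: KeyState = KeyState.GENERATED

    def transition(self, new_state: KeyState) -> None:
        if new_state not in ALLOWED[self.state]:
            raise ValueError(f"{self.name} v{self.version}: {self.state.value} -> "
                             f"{new_state.value} not permitted")
        self.state = new_state


def use_key(ss_store: dict, name: str) -> int:
    """S3: the security service subsystem's side; business systems never see key material."""
    v = ss_store.get(name)
    if v is None or v.state != KeyState.ACTIVE:
        raise PermissionError(f"no active key named {name}")
    return v.version  # a real service would run the cryptographic operation here


class KeyManagementSubsystem:
    """Owns every version of every key and drives S1, S2 and S4."""

    def __init__(self, ss_store: dict, update_interval_days: int):
        self.versions = {}        # key name -> versions, oldest first
        self.ss_store = ss_store  # the security service subsystem's key stock
        self.update_interval = update_interval_days  # the "update strategy", assumed age-based

    def generate(self, name: str, ktype: str, today: int) -> KeyVersion:
        """S1: random generation (stands in for the encryption machine or manual entry)."""
        v = KeyVersion(name, len(self.versions.get(name, [])) + 1, ktype,
                       secrets.token_bytes(16), today)
        self.versions.setdefault(name, []).append(v)
        return v

    def distribute(self, v: KeyVersion) -> KeyVersion:
        """S2: synchronize to the security service store, activate, retire the previous version."""
        v.transition(KeyState.DISTRIBUTED)
        self.ss_store[v.name] = v
        v.transition(KeyState.ACTIVE)
        for old in self.versions[v.name]:
            if old is not v and old.state == KeyState.ACTIVE:
                old.transition(KeyState.STORED)  # kept, not destroyed: multi-version support
        return v

    def auto_update(self, today: int) -> list:
        """S2: rotate every key whose active version has reached the update interval."""
        rotated = []
        for name, vs in self.versions.items():
            cur = next((v for v in vs if v.state == KeyState.ACTIVE), None)
            if cur is not None and today - cur.created >= self.update_interval:
                rotated.append(self.distribute(self.generate(name, cur.ktype, today)))
        return rotated

    def discard(self, v: KeyVersion) -> None:
        """S4: discard a key no longer in use and withdraw it from the service store."""
        v.transition(KeyState.DISCARDED)
        if self.ss_store.get(v.name) is v:
            del self.ss_store[v.name]


if __name__ == "__main__":
    store = {}
    kms = KeyManagementSubsystem(store, update_interval_days=90)
    kms.distribute(kms.generate("ATM_PIN_WK", "working key", today=0))
    print("day 0 uses version", use_key(store, "ATM_PIN_WK"))
    kms.auto_update(today=90)
    print("day 90 uses version", use_key(store, "ATM_PIN_WK"))
```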
Further, the key management subsystem and the security service subsystem set policies to flexibly backup the keys.
Compared with the prior art, the invention has the following advantages:
The invention relates to a unified-management cryptographic service support system which centrally manages the key-sensitive information of each business system and provides standard, unified cryptographic security services through an online service interface; when providing cryptographic services to different business systems it offers one unified application interface, which improves security and reliability, and at the same time the business systems no longer need to be associated directly with the encryptors, so they need less knowledge of the encryption mechanism and of complicated cipher machine instructions, which reduces development difficulty;
The key management system of this system manages all keys across the whole bank according to the key lifecycle (key registration, generation, distribution, starting, stopping, storage, backup and discarding), and every step that involves manual operation must be authorized or approved by auditors, so that all operations are carried out within the system framework according to the requirements of key management standards and the like; the system provides a monitoring system that takes the application as its object, covering the health state of the system and of the encryption equipment it uses, reflects the state of each monitored object in real time, and also keeps file records for each monitored object, such as the purchase date, maintenance period, owning application systems and relevant contacts (application systems and service vendors) of the encryption equipment, so that operations staff can reach the relevant party promptly when needed;
the system has a complete logging function that provides full log records for system operation, module monitoring and so on, which facilitates management audits and fault investigation; the system design gives full consideration to stability and security, includes a self-maintenance process, and fully guarantees the robustness of the system;
The system supports an HA working mode by means of dual-machine hot-standby software, automatically maintaining key synchronization and configuration synchronization between the two systems to ensure continuity of the business system; the system's dynamic data (configuration information, keys, etc.) are stored in a database, which can directly use a mature shared disk array or similar, so the system can be deployed directly in cluster mode; the system calls the encryption equipment it uses in load-balancing mode and can automatically switch to another available encryption machine in the same group to continue processing service requests when a device has problems.
Drawings
FIG. 1 is a schematic diagram of the overall architecture of the system of the present invention;
FIG. 2 is a schematic diagram of the construction of the security function center of the present invention;
FIG. 3 is a schematic diagram of a hierarchical design of a service element-based security function implementation of the present invention;
FIG. 4 is a schematic diagram of a hierarchical design based on a secure object template in accordance with the present invention;
FIG. 5 is a key lifecycle flow diagram of the present invention;
FIG. 6 is a schematic diagram of an automatic key distribution flow of the present invention;
FIG. 7 is a schematic diagram of the key storage center of the present invention;
FIG. 8 is a schematic diagram of the key management center of the present invention;
FIG. 9 is a functional schematic of the generate/rekey of the present invention;
FIG. 10 is a schematic flow chart of the present invention for generating/rekeying;
FIG. 11 is a functional schematic of the present invention for updating keys;
FIG. 12 is a schematic flow chart of the present invention for updating a key;
FIG. 13 is a functional schematic of the synchronization key of the present invention;
FIG. 14 is a schematic flow chart of the synchronization key of the present invention;
FIG. 15 is a schematic flow diagram of a delayed synchronization key of the present invention;
FIG. 16 is a functional schematic of the present invention for receiving a synchronization key;
FIG. 17 is a flow chart of the present invention for receiving a synchronization key;
FIG. 18 is a functional schematic of an initiation key of the present invention;
FIG. 19 is a flow chart of the initiation key of the present invention;
FIG. 20 is a functional schematic of the key reading of the present invention;
FIG. 21 is a flow chart of the key reading of the present invention;
FIG. 22 is a functional schematic of the automatic key update of the present invention;
FIG. 23 is a flow chart of the automatic key update of the present invention;
FIG. 24 is a functional schematic of a deployment key of the present invention;
FIG. 25 is a schematic flow chart of a deployment key of the present invention;
FIG. 26 is a functional schematic of a remote print key envelope of the present invention;
FIG. 27 is a schematic flow chart of a remote print key envelope of the present invention;
FIG. 28 is a functional schematic of the key store of the present invention;
FIG. 29 is a flow chart of key storage of the present invention;
FIG. 30 is a schematic diagram of the construction of a monitoring subsystem of the present invention;
FIG. 31 is a schematic diagram of a key hierarchy of the present invention;
Fig. 32 is a schematic diagram of key transmission protection of the present invention.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The invention relates to a unified-management cryptographic service support system in which all the constituent centers of the system, and all the modules within each center, are coupled through services, so that unified management of bank-wide keys is achieved.
As shown in fig. 1, a unified cryptographic service support system includes a security service subsystem, a key management subsystem, and a monitoring subsystem. In fig. 1, arrow connection lines are provided to indicate the interconnection relationship between two points, a double-headed arrow line indicates that data transmission between two points is bidirectional, a single-headed arrow line indicates that data transmission between two points is unidirectional, a direction of an arrow is a data transmission direction, and a single-headed arrow line from the monitoring subsystem indicates a data transmission line of the monitoring subsystem and the monitoring object.
1. Security service subsystem
1.1 Cryptographic service functionality
Security function services, such as various PIN functions, MAC functions, signature/verification functions, etc., are provided for all service systems (applications). The safety function center is composed of the following parts:
Security function center software: implements the core functions of the security function center and obtains the keys it uses from the key storage center;
Cipher machine (HSM): performs the key-involving operations such as encryption and signature verification;
Other security devices: for accomplishing various specialized security functions such as dynamic password verification, etc.;
security service specification: service agreement between the service system and the safety function center, the service system puts forward service application to the safety function center through the specification, and the safety function center provides various services to the service system through the specification.
As shown in fig. 2, the security function center includes the following modules:
Monitoring service module: provides the monitoring center with management, running-state and other monitoring information about the key storage center.
Service access module: provides service communication access functions to the business systems (application systems).
Security service module: completes the processing of the various security services; it comprises several types of security service module, each providing a different kind of service, and can be expanded as business scenarios grow.
1.2 Safety function extension design
As shown in fig. 3, in consideration of the requirements of future business development, for quick and reliable implementation of new security functions, expansion interfaces are reserved on the following two levels respectively.
In the classified service slot layer, a classified service expansion slot is reserved for expanding the safety function requirements of brand new application scenes, such as expanding the safety function requirements of dynamic tokens, the safety function requirements of certificates and the like.
In the service element slot layer, a service element expansion slot is reserved for expanding new security function requirements in the existing scene supported by the system, such as expanding and supporting the client password length, the client password containing letters and the like.
1.3 Service Classification extension design
In design, the system integrates each type of service into a module that can be independently operated and deployed. And the expansion of the classification service adopts a design thought of transverse expansion. Each classified service module can be loaded and disassembled through configuration and can be independently upgraded. Each classification service module is completely transparent to other classification service modules in function, and loading, dismounting and upgrading of any one module can not generate any functional influence on any other classification service module.
1.4 Secure object extension design
As shown in fig. 4, considering the requirements of future business development, for fast and reliable implementation of supporting new types of security objects, two levels of expansion interfaces are reserved respectively: at the template definition layer, a user can define a new type of security object by configuration, for example: an external certificate template, etc.; at the template properties layer, the user may extend new template properties. After the templates and the template attributes are expanded, the newly expanded templates or the template attributes can be used by adding new service elements or upgrading the original service elements.
1.5 Unified service interface
Once the encryption interfaces of the business systems are unified, encryption standardization is easier to achieve, so application systems can implement their functions according to the security specifications. Application developers need only concentrate on implementing business logic and need not deal with the security domain in which they are less proficient, which reduces the workload of initial development and of later maintenance, upgrades and re-engineering.
1.6 Cryptographic machine Access scheme
The access of multiple types of cipher machines is supported, and different access modes are adopted according to different characteristics of the cipher machines.
Cipher machines with published instruction sets: the system calls the cipher machine instructions directly, achieves load-balanced calls to the cipher machines, and supports adding and unloading cipher machines dynamically (without stopping the system).
Cipher machines with unpublished instruction sets: the system supports a transparent forwarding mode that passes the request message straight to the cipher machine; for services that do not yet load-balance their cipher machine calls, load balancing can be achieved by connecting through this system; cipher machines can likewise be added and unloaded dynamically (without stopping the system); cipher machines can be grouped, different cipher machine sets can be assigned to different business systems, and the cipher machines within each set are load-balanced.
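A grouped, load-balanced cipher machine pool with automatic failover and online add/unload, as an added illustration (not the patent's implementation): the round-robin policy, the device names, the group names and the simulated fault are assumptions.

```python
"""Load-balanced, grouped cipher machine calls with automatic failover and online add/unload
(added illustration; device names, groups and the simulated fault are constructed)."""
from dataclasses import dataclass


class CipherMachineError(Exception):
    """Raised when a cipher machine cannot service a request."""


@dataclass
class CipherMachine:
    name: str
    group: str            # the set of devices serving one business system
    healthy: bool = True  # maintained by health checks, as the monitoring subsystem would
    served: int = 0


class CipherMachinePool:
    """Round-robins each request over the healthy devices of the requested group."""

    def __init__(self):
        self.devices = {}  # name -> CipherMachine, in insertion order
        self.cursor = {}   # group -> next round-robin position
        self.events = []   # what would be reported to the monitoring subsystem

    def add(self, dev: CipherMachine) -> None:
        """Bring a device into rotation without stopping the system."""
        self.devices[dev.name] = dev
        self.events.append(f"added {dev.name} to group {dev.group}")

    def unload(self, name: str) -> None:
        """Take a device out of service without stopping the system."""
        dev = self.devices.pop(name)
        self.events.append(f"unloaded {dev.name} from group {dev.group}")

    def mark_health(self, name: str, healthy: bool) -> None:
        self.devices[name].healthy = healthy
        self.events.append(f"{name} marked {'healthy' if healthy else 'faulty'}")

    def healthy_devices(self, group: str) -> list:
        return [d for d in self.devices.values() if d.group == group and d.healthy]

    def order(self, group: str) -> list:
        """Healthy devices of the group, starting after the one used last (round-robin)."""
        devs = self.healthy_devices(group)
        if not devs:
            return []
        start = self.cursor.get(group, 0) % len(devs)
        self.cursor[group] = start + 1
        return devs[start:] + devs[:start]

    def call(self, group: str, operation) -> tuple:
        """Run the operation on the group; a failing device leaves rotation and the next is tried."""
        tried = []
        for dev in self.order(group):
            try:
                result = operation(dev)
            except CipherMachineError:
                tried.append(dev.name)
                self.mark_health(dev.name, False)  # automatic unloading of the faulty device
                continue
            dev.served += 1
            return dev.name, result
        raise CipherMachineError(f"no available cipher machine in group {group}; tried {tried}")


def mac_operation(fail_on=()):
    """Constructed stand-in for a cipher machine instruction; the named devices time out."""
    def op(dev: CipherMachine) -> str:
        if dev.name in fail_on:
            raise CipherMachineError(f"{dev.name} timed out")
        return f"MAC computed by {dev.name}"
    return op


def simulate() -> dict:
    """Two payment devices and one ATM device; one payment device develops a fault."""
    pool = CipherMachinePool()
    for name, group in [("hsm-a1", "payments"), ("hsm-a2", "payments"), ("hsm-b1", "atm")]:
        pool.add(CipherMachine(name, group))
    rotation = [pool.call("payments", mac_operation())[0] for _ in range(2)]  # a1, then a2
    failed_over = pool.call("payments", mac_operation(fail_on={"hsm-a1"}))[0]  # a1 faults -> a2
    after_fault = pool.call("payments", mac_operation())[0]  # only a2 remains in rotation
    atm = pool.call("atm", mac_operation())[0]  # groups are isolated: never a payments device
    try:
        pool.call("atm", mac_operation(fail_on={"hsm-b1"}))
        atm_exhausted = False
    except CipherMachineError:
        atm_exhausted = True  # the sole ATM device failed; no cross-group borrowing
    return {"rotation": rotation, "failed_over": failed_over, "after_fault": after_fault,
            "atm": atm, "atm_exhausted": atm_exhausted,
            "healthy_payments": [d.name for d in pool.healthy_devices("payments")],
            "events": pool.events}
```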
1.7 System Access scheme
The access of various service systems is supported, and different access modes are adopted according to the characteristics of whether the service systems are modified or not and the like.
For a business system that cannot be modified at all: where the business system cannot be modified for special reasons (for example, its vendor temporarily has no engineer available), it can be connected in transparent forwarding mode, in which the security-related messages of the business system are forwarded directly through this system to the cipher machine for processing; once the business system can be modified, it is switched to calling the encryption interface provided by this system for unified access.
For a conditionally adapted service system: for the service system which can be modified, the original safety-related processing is changed into the encryption interface provided by the system, so that the unified access is realized, and the mode is also the aim of building the system.
For business systems written in a mainframe programming language: for a system using a mainframe programming language (such as COBOL), one of two modes is used: either the mainframe language calls a C-language function library as a third-party library, for which C source code is provided; or a message mode is provided, in which the business system communicates directly with this system according to the secure message format to obtain encryption and decryption services.
1.8 Support Cryptographic machine inventory
The system can theoretically support the access of the crypto-engine adopting the TCP/IP mode, but the access mode or the access degree of the crypto-engine can be different according to specific situations.
Instruction disclosure: for the cipher machine, the cipher machine can be directly and seamlessly accessed, can provide all relevant services to the outside, and can be deeply monitored.
Instruction not disclosed: such cipher machines are connected in transparent forwarding mode, and the monitoring subsystem can only monitor them at the network layer. Major manufacturers' cipher machines that this system has connected to and used so far include: Data bureau (large and small payment cipher machines), Xinyada (full-line model cipher machine), 56 bureau (customs CA-line cipher machine).
1.9 Security gateway
Because the keys of all service systems are stored centrally in this system, the use of every level of key must be controlled so that each type of key can only be accessed by its corresponding system; for example, the ATM system is not allowed to access core-class keys (the PIN verification key and the PIN change key). The system therefore provides key access control, transaction routing, load balancing and related functions for the security service function center.
2. Key management subsystem
2.1 Key management function design
For a security system that uses public algorithms, the most important resource is the key, so the success or failure of key management directly determines the availability of the security system.
The system therefore controls the state of each link in the key life cycle (generation, distribution, use, update, storage, recovery/destruction) and prevents unauthorized key operations in time. For example, a validity period is set for each key and the system refuses to use a key whose validity period has expired, which forces periodic key replacement; for core-level keys, a front-end system such as the ATM system is refused access, so that core-level keys can only be accessed by the core service system.
Management operations on the various keys are subject to authority control according to user roles. System functions are presented at the business level, so that business personnel can learn and use them easily and complete the operations within their own area of responsibility without depending on IT technicians, which ensures that separation of duties is effectively enforced.
2.2 Key lifecycle
Fig. 5 shows the whole flow of the key life cycle process.
(1) The parties that have a direct relationship with the keys are:
Application system: the system that ultimately needs to use the keys.
Key entry personnel: keys that cannot be changed arbitrarily (e.g. CVK, PVK) must be entered manually. Each such key must be entered by at least two key entry personnel assigned by different departments, and the key components must have a paper backup.
Security service subsystem: the unit that uses keys. It accepts encryption service requests initiated by service systems; the service is ultimately completed by applying the encryption algorithm with the key. Only the device master key (MK) of the encryption machine is entered into it manually. A security scheme is designed according to the security requirements of each service, and only service systems of the appropriate level may use the security services, which realizes admission control of service access.
Key management subsystem: the single entrance for all key management. Its functions include key entry, key synchronization and key state control; it also establishes and saves archival information for every key (including the key entry personnel, the name of the service system that uses the key, the key enablement time, the usage duration and so on). The system controls the operation authority over keys by dividing users into roles with different permissions.
(2) Keys are divided into four main categories according to their function:
Device master key: in this scheme the master key of the encryption machine, also called the MK. Each device has exactly one, composed of at least 3 components. When an encryption machine is put into production for the first time a device master key must be entered; whether a brand new master key is entered depends on whether the service system that uses the new device shares the master key of an existing device. Because the device master key is the base key, it cannot be replaced at will, and it must therefore be kept as a paper record.
Host-class keys: keys belonging to the core system, such as the PVK (PIN verification key) and the CVK (card verification key). These also cannot be modified freely, because the data they encrypt is stored either in a database (e.g. the user PIN ciphertext) or on the user's card (e.g. the CVV); changing them would require migrating all the stored encrypted data from the old key to the new one. The key management subsystem prints the plaintext of the key components (at least two components), which are then handed to the corresponding key management personnel to be entered into the encryption machine of the security service subsystem.
Transmission key: when sensitive service data flows between two institutions or two application nodes, both sides must agree on the same key for encryption, and no key may ever be transmitted in clear text over the network. The standard practice is therefore to set up an additional transmission key (also called a protection key, KEK), which encrypts the agreed key for sending to the opposite end. This moves the problem to how the transmission key itself is agreed. Between two independent legal institutions the transmission key is currently agreed essentially by manual means; between two application nodes within the same institution it can be agreed manually, or without manual participation by other means such as PKI. The manual mode requires storing a large number of transmission keys; the PKI mode allows the transmission key to be replaced at any time, so it no longer needs to be stored and the management workload is greatly reduced.
Working key: the key that directly encrypts and decrypts service data is called the working key (also called the data key). Because it is protected and issued under the transmission key it can be updated at any time, so it needs neither to be kept nor to be entered manually.
Characteristics: from the figure above it can be seen that only the device master key, the host-class keys and the keys agreed with off-line institutions need to be entered and kept manually; the other keys need neither manual keeping nor manual entry. All key entry, generation, synchronization, key state control and so on are initiated in the key management subsystem, and every operation is recorded. Each operation is carried out only on the premise that the preceding step is complete; for example, CVK entry can be carried out only after the device master key entry personnel have confirmed in the key management subsystem that master key entry is complete and an approver has approved it. In this way every key management operation and responsibility can be traced to an individual, and management and operation can only proceed according to the defined key management flow.
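The dual-control and step-gating rules above (components from different departments, at least two entry personnel, CVK entry refused until MK entry is confirmed and approved, every action recorded) are modelled in the following added example. It is illustrative code written for this page, not the patent's or any vendor's software. The XOR combination of equal-length components and the odd-parity adjustment are the real rules for DES/3DES keys; the personnel, departments and ordering table are constructed, and the hash-based "fingerprint" stands in for the HSM's key check value because no 3DES is available in the standard library.

```python
"""Dual-control key component entry with step gating (added example)."""
import hashlib
import secrets


def set_odd_parity(key: bytes) -> bytes:
    """DES/3DES keys carry odd parity in the low bit of every byte."""
    out = bytearray()
    for b in key:
        if bin(b >> 1).count("1") % 2 == 0:   # 7 data bits have even weight
            out.append((b & 0xFE) | 1)         # so the parity bit must be 1
        else:
            out.append(b & 0xFE)
    return bytes(out)


def combine_components(components) -> bytes:
    """XOR the components into the final key; any single component reveals nothing."""
    if len(components) < 2:
        raise ValueError("at least two components are required")
    length = len(components[0])
    if any(len(c) != length for c in components):
        raise ValueError("components must have equal length")
    key = bytes(length)
    for c in components:
        key = bytes(a ^ b for a, b in zip(key, c))
    return set_odd_parity(key)


def fingerprint(key: bytes) -> str:
    """Stand-in for the HSM key check value (really the first 3 bytes of
    encrypting an all-zero block under the key); a hash is used here only
    because this example has no 3DES available."""
    return hashlib.sha256(b"kcv|" + key).hexdigest()[:6]


class KeyEntryWorkflow:
    """Enforces the ordering and dual-control rules of the key management subsystem."""

    # Constructed prerequisite table: host-class keys need an approved MK first.
    PREREQUISITE = {"MK": None, "CVK": "MK", "PVK": "MK"}

    def __init__(self):
        self.state = {}     # key name -> "entered" | "approved"
        self.audit = []     # every action is recorded
        self.pending = {}   # key name -> {(person, department): component}

    def enter_component(self, key_name, person, department, component):
        prereq = self.PREREQUISITE[key_name]
        if prereq and self.state.get(prereq) != "approved":
            raise PermissionError(f"{key_name} entry refused: {prereq} not yet approved")
        holders = self.pending.setdefault(key_name, {})
        if any(dep == department for (_, dep) in holders):
            raise PermissionError("components must come from different departments")
        holders[(person, department)] = component
        self.audit.append(("component", key_name, person, department))
        return len(holders)

    def complete_entry(self, key_name):
        holders = self.pending.pop(key_name, {})
        if len(holders) < 2:
            raise PermissionError("two or more entry personnel required")
        key = combine_components(list(holders.values()))
        self.state[key_name] = "entered"
        kcv = fingerprint(key)   # the HSM keeps the key; only the check value leaves
        self.audit.append(("entered", key_name, kcv))
        return kcv

    def approve(self, key_name, approver):
        if self.state.get(key_name) != "entered":
            raise PermissionError(f"{key_name} has not been entered")
        self.state[key_name] = "approved"
        self.audit.append(("approved", key_name, approver))


def demo():
    """Walk through MK entry (3 components), approval, then CVK entry."""
    wf = KeyEntryWorkflow()
    try:
        wf.enter_component("CVK", "li", "cards", secrets.token_bytes(16))
    except PermissionError:
        pass   # refused: the device master key has not been approved yet
    for person, dept in (("wang", "ops"), ("zhao", "security"), ("sun", "audit")):
        wf.enter_component("MK", person, dept, secrets.token_bytes(16))
    mk_kcv = wf.complete_entry("MK")
    wf.approve("MK", "director")
    wf.enter_component("CVK", "li", "cards", secrets.token_bytes(16))
    wf.enter_component("CVK", "zhou", "security", secrets.token_bytes(16))
    wf.complete_entry("CVK")
    return wf, mk_kcv


if __name__ == "__main__":
    workflow, kcv = demo()
    print(workflow.state, kcv, *workflow.audit, sep="\n")
```

The check value is the only thing that leaves the ceremony: it lets the two entry officers and the approver confirm that the combined key in the HSM is the intended one without anyone seeing the key itself.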
2.3 Key Generation
Key generation falls into two categories: manual generation and random generation by the encryption machine. Once the encryption machine of the key management subsystem is in operation, the device master keys of the other encryption machines can be generated and printed by it, and all other key generation can also be completed by the encryption machine. The latter again divides into two types: keys whose plaintext components are entered manually and then printed by the encryption machine, and the working keys used by service systems, which must be updated periodically and are generated randomly by the encryption machine attached to the security service subsystem or to the key management subsystem. Apart from the paper backup of the device master key, the host-class keys and the transmission keys agreed with off-line organizations, all other keys can be regenerated at any time and therefore need no paper backup. Every function completed by the key management subsystem has corresponding recorded information for subsequent examination.
2.4 Key distribution
Key distribution falls into two categories:
One is distribution or synchronization from the key management subsystem to the security service subsystem. The two subsystems agree on a transmission key, and every key that needs to be synchronized to the security service subsystem is encrypted under that transmission key before being sent, which completes the synchronization.
The other is distribution from the security service subsystem to the opposite-end service system (with the terminal as the principal). The transmission key is established in PKI mode (for special equipment that cannot be modified, the mode of printing a key envelope is retained, but the paper envelope need not be kept afterwards), which completes remote distribution. After the transmission key has been distributed, distribution of the working key is completed at the request of the service system.
2.5 Key updating
A working key update policy is configured in the key management subsystem (e.g. change the key every day). When the trigger time arrives, the policy automatically generates a new key and synchronizes it to the security service subsystem. The operation can also be initiated by the security service subsystem, in which case the key management subsystem accepts the request and completes the key update and key synchronization.
2.6 Key preservation
The key management subsystem and the security service subsystem are each provided with a key store, in which the ciphertext of all keys (encrypted with 3DES under the LMK inside the encryption machine) is kept securely. The key store supports the mainstream databases (Oracle, DB2, etc.).
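The three protections described in sections 2.2, 2.4 and 2.6 (keys at rest wrapped under the HSM's LMK, keys in transit wrapped under the agreed transmission key, and the HSM translating a stored key from LMK to the transmission key without releasing it in clear) are shown together in the following added example, which is illustrative code for this page and not the patent's or any HSM vendor's implementation. The wrapping primitive is an encrypt-then-MAC built only from the standard library (HMAC-SHA256 keystream plus HMAC tag); a real HSM uses 3DES or AES key blocks (for example TR-31). Subsystem names, key labels and the sample PIN block are constructed. The same wrap-new-key-under-current-key pattern applies to the TMK and dumb-terminal master key updates described later.

```python
"""Key hierarchy: a working key is never in clear outside the HSM (added example)."""
import hashlib
import hmac
import secrets


def wrap(kek: bytes, key: bytes, label: bytes) -> bytes:
    """Wrap a key of at most 32 bytes under kek; label binds the intended use."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[: len(key)]
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + label + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes, label: bytes) -> bytes:
    """Verify the tag (in constant time) before exposing anything."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(kek, b"mac" + label + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("key block failed integrity check")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[: len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


class Hsm:
    """The only place a key is ever in clear; the LMK never leaves the device."""

    def __init__(self):
        self._lmk = secrets.token_bytes(32)

    def import_zmk(self, zmk_clear: bytes) -> bytes:
        """The agreed transmission key, entered from components, stored under LMK."""
        return wrap(self._lmk, zmk_clear, b"ZMK")

    def generate_key(self, label: bytes) -> bytes:
        """Generate a key inside the HSM and return it wrapped under LMK."""
        return wrap(self._lmk, secrets.token_bytes(16), label)

    def translate(self, blob_under_lmk: bytes, zmk_under_lmk: bytes, label: bytes) -> bytes:
        """Re-wrap a stored key from LMK to ZMK for transport (the page's transcryption)."""
        zmk = unwrap(self._lmk, zmk_under_lmk, b"ZMK")
        return wrap(zmk, unwrap(self._lmk, blob_under_lmk, label), label)

    def import_key(self, blob_under_zmk: bytes, zmk_under_lmk: bytes, label: bytes) -> bytes:
        """Receive a key under ZMK and store it under this device's own LMK."""
        zmk = unwrap(self._lmk, zmk_under_lmk, b"ZMK")
        return wrap(self._lmk, unwrap(zmk, blob_under_zmk, label), label)

    def encrypt_data(self, blob_under_lmk: bytes, label: bytes, data: bytes) -> bytes:
        """Use a working key on service data without releasing the key."""
        return wrap(unwrap(self._lmk, blob_under_lmk, label), data, b"data")

    def decrypt_data(self, blob_under_lmk: bytes, label: bytes, ct: bytes) -> bytes:
        return unwrap(unwrap(self._lmk, blob_under_lmk, label), ct, b"data")


def distribute_working_key():
    """KMS generates a TPK, synchronizes it to the security service subsystem, both use it."""
    kms_hsm, ssp_hsm = Hsm(), Hsm()     # key management / security service subsystem
    zmk = secrets.token_bytes(16)       # transmission key agreed at both ends
    zmk_at_kms, zmk_at_ssp = kms_hsm.import_zmk(zmk), ssp_hsm.import_zmk(zmk)
    del zmk                             # the clear ZMK exists only during entry
    wk_store = kms_hsm.generate_key(b"TPK")                   # key store holds LMK ciphertext
    wk_on_wire = kms_hsm.translate(wk_store, zmk_at_kms, b"TPK")   # LMK -> ZMK for sync
    wk_at_ssp = ssp_hsm.import_key(wk_on_wire, zmk_at_ssp, b"TPK")  # ZMK -> peer LMK
    pin_block = b"\x04\x12\x34\xff\xff\xff\xff\xff"            # constructed sample
    ct = ssp_hsm.encrypt_data(wk_at_ssp, b"TPK", pin_block)
    roundtrip_ok = kms_hsm.decrypt_data(wk_store, b"TPK", ct) == pin_block
    return roundtrip_ok, wk_on_wire, ssp_hsm, zmk_at_ssp


if __name__ == "__main__":
    print("same working key at both ends:", distribute_working_key()[0])
```

Note that a key block carries its usage label inside the authenticated data: a TPK cannot be imported as a ZMK, and a bit flipped in transit fails the integrity check before any unwrapping happens. Both checks are the kind of thing a compliance review of a key management subsystem will ask about.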
2.7 Key usage
All key use is concentrated in the security service subsystem, which provides a security interface API or a security message protocol for service systems to call in order to complete their data encryption functions.
2.8 Key backup and recovery
The key management subsystem and the security service subsystem both provide key backup and restore. Backups can be scheduled flexibly by policy, a restore can select among multiple backup versions, and besides local backup the keys can be backed up to a remote key server.
2.9 Key discarding
Keys that are no longer used can be discarded: for example, when a terminal or counter is withdrawn, the corresponding keys can be marked as discarded, after which their key values can no longer be used.
2.10 Automatic Key distribution
Automatic key distribution, such as for remote keys, mainly concerns master keys, since working keys are normally updated automatically by the system anyway. Remote keys are generally divided into remote terminals and remote systems; the following takes the remote terminal as an example.
As shown in fig. 6, remote terminals include POS devices, ATMs, inquiry kiosks and other terminal devices that have an operating system and can initiate transactions on their own, independently of other devices. Because such devices are far from the bank's administrative units, security control of the remote terminal is done by adopting a PKI system and introducing an asymmetric algorithm:
(1) Generating a public/private key pair: the background key management subsystem generates a key pair; the private key is stored in the encryption machine, and the key pair is synchronized to the security service subsystem to identify the background.
(2) Registration: when self-service equipment such as an ATM leaves the warehouse, the key management subsystem registers the device number together with the machine's unique identification code (such as the network card MAC address), completing the binding.
(3) Remote release of the initialization program: after the self-service equipment is installed on site, the initialization program is installed through the remote release function of the self-service terminal's own system.
(4) Downloading the public key: when the self-service equipment system starts, it checks whether a public key exists. If not, it automatically applies to the self-service equipment front-end, which applies to the security service subsystem for the public key. After the security service subsystem has checked that the machine's unique identification code exists in a binding relationship, it issues the public key to the self-service terminal.
(5) Initialization: after the self-service terminal system starts, it checks whether a terminal master key exists. If not, it automatically generates a master key according to the security requirements, encrypts it with the public key and transmits it to the background self-service equipment front-end system. The front-end passes it to the security service subsystem, which checks the self-service terminal's unique identification code, decrypts the master key with the private key, and at the same time calls the encryption machine to generate a new master key; the new master key is encrypted under the uploaded master key and transmitted to the terminal.
(6) Updating the TMK: after receiving the new master key, the terminal decrypts it with the master key it just generated, verifies the check value, and on success stores the new master key in the terminal. This completes the TMK update.
(7) Updating the TAK and TPK: once the TMK is available, the working keys can be updated at any time during daily transaction processing, and the cardholder's transactions are processed.
(8) Dynamically updating the TMK: when the TMK's usage period expires, the background key management subsystem generates a new TMK, encrypts and issues it under the old TMK, and dynamically completes the TMK update.
With this scheme, the previous practice of using paper key envelopes and sending several people together to the self-service equipment to enter keys is no longer necessary. By introducing a PKI system the process is fully automated, reducing personnel expenditure and improving efficiency without lowering the security level.
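Steps (2), (4) and (5) above, the registration binding, the bound-device check before the public key is issued, and the terminal's upload of its own initial master key under the backend public key, are worked through for one terminal in the following added example. It is illustrative code for this page, not the patent's or any bank's software. RSA is implemented from Python integers with PKCS#1 v1.5-style random padding so that the example runs on the standard library alone; a production system would use the HSM's RSA with OAEP and at least 2048-bit keys. The device number, MAC address, the 1024-bit modulus and the replay check are constructed for the example. The later steps, wrapping the new TMK and the working keys under the current TMK, are symmetric key wrapping and are not repeated here.

```python
"""Remote terminal TMK bootstrap with a device-binding check (added example)."""
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(c):
            return c


def rsa_keygen(bits: int = 1024):
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_encrypt(pub, msg: bytes) -> bytes:
    """PKCS#1 v1.5 type 2 padding: 00 02 <nonzero random> 00 <msg>."""
    e, n = pub
    k = (n.bit_length() + 7) // 8
    pad_len = k - len(msg) - 3
    if pad_len < 8:
        raise ValueError("message too long for the modulus")
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(pad_len))
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsa_decrypt(priv, ct: bytes) -> bytes:
    d, n = priv
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02" or b"\x00" not in em[2:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


class Backend:
    """Key management + security service subsystem; the HSM holds the private key."""

    def __init__(self):
        self.pub, self._priv = rsa_keygen()
        self.bindings = {}        # step (2): device number -> hardware identifier
        self.seen_nonces = set()  # replay protection for step (5) uploads
        self.terminal_tmk = {}    # device number -> TMK now shared with the terminal

    def register(self, device_no: str, hw_id: str):
        self.bindings[device_no] = hw_id

    def public_key_request(self, device_no, hw_id):            # step (4)
        if self.bindings.get(device_no) != hw_id:
            raise PermissionError("device not bound")
        return self.pub

    def initial_tmk_upload(self, device_no, hw_id, envelope):  # step (5)
        if self.bindings.get(device_no) != hw_id:
            raise PermissionError("device not bound")
        dev, hw, nonce, tmk_hex = rsa_decrypt(self._priv, envelope).split(b"|")
        if (dev.decode(), hw.decode()) != (device_no, hw_id):
            raise PermissionError("identifiers inside the envelope do not match the sender")
        if nonce in self.seen_nonces:
            raise PermissionError("replayed upload")
        self.seen_nonces.add(nonce)
        self.terminal_tmk[device_no] = bytes.fromhex(tmk_hex.decode())
        return True


class Terminal:
    def __init__(self, device_no: str, hw_id: str):
        self.device_no, self.hw_id, self.backend_pub, self.tmk = device_no, hw_id, None, None

    def boot(self, backend: Backend) -> bytes:
        if self.backend_pub is None:                           # step (4)
            self.backend_pub = backend.public_key_request(self.device_no, self.hw_id)
        tmk0 = secrets.token_bytes(16)                         # step (5)
        body = b"|".join([self.device_no.encode(), self.hw_id.encode(),
                          secrets.token_hex(16).encode(), tmk0.hex().encode()])
        envelope = rsa_encrypt(self.backend_pub, body)
        backend.initial_tmk_upload(self.device_no, self.hw_id, envelope)
        self.tmk = tmk0
        return envelope


def demo():
    backend = Backend()
    backend.register("ATM00017", "00:1a:2b:3c:4d:5e")        # constructed binding
    atm = Terminal("ATM00017", "00:1a:2b:3c:4d:5e")
    envelope = atm.boot(backend)
    try:   # same device number, different hardware: refused at step (4)
        Terminal("ATM00017", "de:ad:be:ef:00:01").boot(backend)
        rogue_refused = False
    except PermissionError:
        rogue_refused = True
    try:   # a captured genuine envelope replayed later: refused at step (5)
        backend.initial_tmk_upload("ATM00017", "00:1a:2b:3c:4d:5e", envelope)
        replay_refused = False
    except PermissionError:
        replay_refused = True
    return backend.terminal_tmk["ATM00017"] == atm.tmk, rogue_refused, replay_refused


if __name__ == "__main__":
    print("shared TMK, rogue refused, replay refused:", demo())
```

Two caveats a reviewer of this step would raise: the binding is only as strong as the identifier, and a MAC address can be copied, so the check is an allow-list rather than device authentication; and the first upload is trust-on-first-use, which makes the integrity of the remotely released initialization program and a fresh nonce per upload (so a recorded envelope cannot re-seed a device) part of the security argument.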
2.11 Dumb terminal device remote key distribution
Terminal equipment such as PIN pads, which cannot initiate transactions on their own and must be driven by a device such as a PC, is called a dumb terminal. For such terminals, before delivery the dumb terminal is connected to a key management subsystem client (through a PC, a serial port or a USB port) and the master key is injected directly. Later, when the master key needs to be updated, the key management subsystem encrypts the new master key under the current version of the master key and issues it, which completes the master key update.
2.12 Bank-wide key management integration
The key management subsystem serves as the unified entrance for bank-wide key management, provides key services, and together with the security service subsystem completes the bank's data encryption and decryption processing.
The bank has already deployed an IC card key management system conforming to the PBOC 2.0 standard. Following key management principles, a key management system conforming to the security standards is constructed, and the two are separated in service logic: the existing PBOC 2.0 key management is made subordinate to the bank-wide key management system, so that there is a clear dividing line between them.
It can be seen that the key management subsystem and the security service subsystem are independent modules in this scheme. Both can be deployed as multiple sets according to service requirements (for example in the separated mode just described), and in the multi-set case their relationship remains one of subordination.
2.13 Integration with existing management flows
At present the bank has a key management regime, and the keys of service systems are managed manually in accordance with it. Because that regime is only a paper system, the actual operations can be completed by service developers and the whole process cannot be effectively supervised. With the service production process provided by this system, key entry is carried out under the control of personnel in different roles throughout, so that key entry can be audited and the problem of plaintext leakage during entry is avoided.
2.14 System composition
(1) Key management center: unified key management provides comprehensive key management services such as key initialization, destruction, enablement, disablement, updating, etc. of keys. Various predefined key update policies are automatically performed and updated keys are synchronized to the key store. The key management center is composed of the following parts:
key profile: storing historical data of the secret key;
Management configuration database: the configuration data for various auxiliary functions such as design, management, audit and the like are stored;
cipher machine (HSM): the method is used for completing various operations such as key generation, encryption transfer and the like.
(2) Key storage center: is a production key data center, which stores all production keys and provides key storage and use services to other components. The key storage center may be formed of a plurality of physical storage centers, each disposed on a different machine, each storing a portion of the key data, together forming a logical storage center. The key storage center comprises the following parts:
Key storage center software: providing a key storage and reading service;
Remote key distribution: an automatic pushing and distributing function of the remote terminal master key is provided. The method replaces the traditional form of printing paper secret key envelopes, reduces personnel expenditure, and improves the flow application speed of laying new terminal equipment;
Generating a key store: storing key data; the key is stored in a ciphertext mode, and the key ciphertext is encrypted by adopting an LMK of a cipher machine of a key storage center;
Cipher machine (HSM): for completing the transcryption of the key ciphertext.
(3) Key management service center: the method is oriented to various managers and business personnel, and provides comprehensive key management operations such as key design, management, use, audit and the like. Consists of the following parts:
Key management service access software: finishing key management function of the core;
key management interface: the key management system is provided for business personnel and management personnel, and the personnel can complete various key management operations through the interface;
And the key printing terminal: and accessing one end of the key management interface to finish printing the key envelope.
(4) And (3) an operation and maintenance center: IT operation and maintenance personnel are provided with configuration maintenance services of operation parameters. The operation and maintenance center is composed of the following parts:
operation and maintenance center software: completing the function of forwarding configuration maintenance service between the management interface and the managed center;
Operation and maintenance management interface: and providing the Information Technology (IT) operation and maintenance personnel with the interface to complete various configuration and maintenance operations.
2.15 Key store center functional description
As shown in fig. 7, the key storage center consists of the following types of modules:
Monitoring service module: provides the monitoring center with monitoring information such as the management and running states of the key storage center;
Key usage service module: provides the key access service to the security function center;
Key deployment module: provides the key storage service to the key management center.
The key storage center also has an internal service channel for information exchange among its modules, and one type of service channel, the monitoring service channel, is established to cache the monitoring requests that this center is to send to the monitoring center.
As shown in fig. 8, the key management center consists of the following types of modules:
Monitoring service module: provides the monitoring center with monitoring information such as management and running states.
Configuration management module: provides configuration management services to the operation and maintenance center.
Key automatic update module: updates keys automatically according to the predefined policies.
Local key management service module: provides the key management service to the key management service center.
Remote key update service module: provides other systems with a key refresh service interface.
Key synchronization service module: processes requests from other key management centers to synchronize their keys to this center.
Key update module: performs the actual key update.
Key synchronization request modules (two in total): (1) the "real-time" synchronization request module, which asks the other key management centers to process this center's key synchronization requests; (2) the "delayed" synchronization request module, which asks the other key management centers to process this center's synchronization requests that failed when first applied to them.
Key deployment request module: requests the key storage center to store a key.
The key management center also has an internal service channel for information exchange among its modules; four types of service channels are established:
Key synchronization service channel: caches the key synchronization requests that this center is to send to other key management centers.
Key deployment service channel: caches the key storage requests that this center is to send to the key storage center.
Key update service channel: buffers the keys to be updated.
Monitoring service channel: caches the monitoring requests that this center is to send to the monitoring center.
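The real-time and delayed synchronization request modules and the key synchronization service channel described above are modelled in the following added example, which is illustrative code for this page rather than the patent's software. A key change is pushed to every peer key management center immediately; a request to a peer that cannot be reached is parked in the delayed queue and retried later; every request carries an id and a key version, so a peer that receives the same request twice applies it once and a late request can never roll a key back to an older version. The peers, the outage and the key blobs are simulated in memory and constructed for the example; the real centers talk over the network.

```python
"""Real-time and delayed key synchronization between key management centers (added example)."""
from collections import deque
import itertools


class PeerCenter:
    """A remote key management center: applies a synchronized key idempotently."""

    def __init__(self, name: str, reachable: bool = True):
        self.name, self.reachable = name, reachable
        self.keys = {}        # key name -> (version, key ciphertext under the agreed ZMK)
        self.applied = set()  # request ids already processed

    def sync(self, req: dict) -> str:
        if not self.reachable:
            raise ConnectionError(self.name)
        if req["id"] in self.applied:
            return "duplicate"             # delayed retry of a request that did arrive
        self.applied.add(req["id"])
        current_version = self.keys.get(req["key"], (0, None))[0]
        if req["version"] <= current_version:
            return "stale"                 # never roll back to an older key
        self.keys[req["key"]] = (req["version"], req["blob"])
        return "applied"


class KeyManagementCenter:
    """This center: local update, real-time push, delayed queue for failed pushes."""

    def __init__(self, peers):
        self.peers = peers
        self.delayed = deque()    # the delayed synchronization request module's queue
        self.versions = {}
        self._ids = itertools.count(1)
        self.log = []             # (request id, peer, outcome), the page's "recorded operation"

    def update_key(self, key_name: str, blob: bytes) -> int:
        version = self.versions.get(key_name, 0) + 1
        self.versions[key_name] = version
        for peer in self.peers:           # real-time synchronization request module
            req = {"id": next(self._ids), "key": key_name, "version": version, "blob": blob}
            self._send(peer, req)
        return version

    def _send(self, peer: PeerCenter, req: dict):
        try:
            self.log.append((req["id"], peer.name, peer.sync(req)))
        except ConnectionError:
            self.log.append((req["id"], peer.name, "queued"))
            self.delayed.append((peer, req))   # hand over to the delayed module

    def retry_delayed(self) -> int:
        """Drain the delayed queue once; peers still down are re-queued. Returns queue length."""
        for _ in range(len(self.delayed)):
            peer, req = self.delayed.popleft()
            self._send(peer, req)
        return len(self.delayed)


def demo():
    a, b = PeerCenter("center-A"), PeerCenter("center-B", reachable=False)
    kmc = KeyManagementCenter([a, b])
    kmc.update_key("TPK.atm", b"blob-v1")       # constructed key blobs
    kmc.update_key("TPK.atm", b"blob-v2")
    still_queued = kmc.retry_delayed()          # B is still down: both requests re-queued
    b.reachable = True
    kmc.retry_delayed()                         # B catches up in order, v1 then v2
    return a.keys["TPK.atm"][0], b.keys["TPK.atm"][0], still_queued, len(kmc.delayed)


if __name__ == "__main__":
    print(demo())
```

Ordering inside the delayed queue is preserved, so a peer that was down for two updates applies them in sequence; if the queue were ever reordered, the version check still makes the older request a no-op instead of a silent downgrade.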
3. Key management service function
3.1 Security function center requests key management center to generate Key/reKey function
Fig. 9 is a functional diagram of the security function center requesting the key management center to generate a key/rekey; fig. 10 is the corresponding flow chart.
3.2 Key update function of key management center
As shown in fig. 11, a functional diagram of the key management center for updating the key is shown. As shown in fig. 12, a flow chart of updating a key in a key management center is shown.
3.3 Key management center synchronizing Key functionality to other Key management centers
As shown in fig. 13, a functional diagram of a key management center synchronizing keys to other key management centers is shown. As shown in fig. 14, a flow chart of the key management center synchronizing keys to other key management centers is shown. As shown in fig. 15, a flow chart of the key management center delaying the synchronization key to other key management centers is shown.
3.4 Key management center receives other key management center synchronization key functions
As shown in fig. 16, a functional diagram of a key management center receiving other key management center synchronization keys is shown. As shown in fig. 17, a flow chart of the key management center receiving other key management center synchronization keys is shown.
3.5 Key management interface initiating Key functionality to Key management center
As shown in fig. 18, a functional schematic diagram of a key management interface initiating a key to a key management center is shown. As shown in fig. 19, a flow chart of the key management interface initiating a key to the key management center is shown.
3.6 Key management center Key reading function
As shown in fig. 20, a functional diagram of key reading in the key management center is shown. As shown in fig. 21, a flow chart of key reading in the key management center is shown.
3.7 Key management center Key automatic update function
As shown in fig. 22, a functional diagram of automatic key update in the key management center is shown. As shown in fig. 23, a flow chart of automatic key update in the key management center is shown.
3.8 Key management center deploys Key functionality
As shown in fig. 24, a functional schematic of the key management center deployment key is shown. As shown in fig. 25, a flow chart of the key deployment of the key management center is shown.
3.9 Remote printing Key envelope function
As shown in fig. 26, a functional schematic of a remote printing key envelope is shown. As shown in fig. 27, a flow chart of the remote printing key envelope is shown.
3.10 Key management center initiates Key store service function
As shown in fig. 28, a functional diagram of a key management center initiating a key storage service is shown. As shown in fig. 29, a flow chart of the key management center for initiating the key storage service is shown.
4. Monitoring subsystem
4.1 Monitoring management function design
The monitoring management subsystem is mainly oriented to production operation and maintenance personnel and provides them with real-time monitoring. The monitoring subsystem has the following functions:
(1) Real-time monitoring of the running state of the encryption machine: the monitoring system collects, in bypass (out-of-band) mode, monitoring data such as the hardware resource usage, network status and service instruction processing of the encryption machine in real time, analyzes the collected data in real time, and feeds the running state of the encryption machine back to monitoring or operation and maintenance personnel through monitoring pages, e-mail, SMS and the like. When an encryption machine fails, the relevant personnel can detect the failure promptly and restore normal operation quickly using the recovery suggestions fed back by the monitoring system.
(2) Enhanced monitoring and problem diagnosis for financial data encryption machines: by analyzing the encryption machine monitoring data, the system provides or enhances the ability to diagnose transaction system faults caused by network failures, encryption machine hardware faults, encryption machine resource exhaustion and the like.
(3) Safe and stable operation of the important business systems that depend on the financial data encryption machines: with the help of the encryption machine monitoring system, alarms are raised for failures that have occurred or are about to occur, a basis is provided for quickly locating and resolving transaction failures, and the safe and stable operation of the business systems that rely on the encryption machines is correspondingly assured.
(4) Health state files and detailed operation and maintenance files for the encryption machines: the monitoring system establishes a detailed health state file of the faults and anomalies of every encryption machine, so that early warnings and reminders about encryption machine health can be issued. At the same time, a detailed operation and maintenance file is established for every encryption machine; it helps operation and maintenance personnel set the necessary maintenance reminders through the monitoring system, and can be consulted as supporting information during troubleshooting.
4.2 Supported cipher machine inventory
In principle the system can accept any cipher machine that is accessed over TCP/IP, but depending on the specific case the access mode determines how deep the monitoring can go:
(1) Instruction set disclosed
Such cipher machines can be accessed directly and seamlessly and can be monitored in depth. The major manufacturer models that the system has already integrated and used are: Xindada (SJJ1316, SJJ1111, SJJ1418), 56 (SJL06, SJJ0808, SJJ0902 series cipher machines for Golden Card, Racal instruction version), 30 (SJL05 cipher machine for Golden Card, Racal instruction version), Song Union (SJL22, Racal instruction version).
(2) Instruction set not disclosed
Such cipher machines are accessed in transparent forwarding mode, and the monitoring system can only monitor the network layer. Cipher machines of major manufacturers of this kind that the system has already integrated and used are: Data Bureau (large- and small-value payment cipher machines), Xinyada (full-line model cipher machine), 56 Bureau (customs CA-line cipher machine).
4.3 Integration with existing monitoring flows
The monitoring system has standard docking interfaces and supports mainstream log collection protocols such as Syslog. At existing implementation sites it has been docked successfully with the customer's existing monitoring system and OA system; docking requires only that the target system provide an API or a message interface, after which the corresponding custom development completes the integration with the existing monitoring flow.
4.4 System architecture
As shown in fig. 30, the monitoring subsystem is composed of the following parts:
(1) Encryption machine monitoring system (monitoring server): the core component of the encryption machine monitoring system. It provides the various services for the monitoring agents and the WEB application, supports probing encryption machines directly where no monitoring agent is installed, and collects the real-time running data of the encryption machines. The monitoring server serves the monitoring agents and the WEB application over TCP/IP.
(2) Encryption machine monitoring agent: obtains the monitoring configuration of the encryption machine, collects the running state data of the encryption machine in real time according to that configuration, and sends the collected data to the monitoring server in real time.
(3) Monitoring WEB application: provides the configuration management functions and real-time data monitoring functions of the monitoring system to users in different roles.
The encryption machine monitoring system reserves an interface for open platforms and can supply encryption machine monitoring data to a unified monitoring platform for display and notification. The monitoring system of this scheme can also use the bank's own mail server and SMS platform directly, so that when alarm information is detected the relevant contacts are notified by e-mail and SMS.
5. System security
5.1 Key Security
The key is core data stored and used by the system, and the security of the key is a key problem in the design of the system security.
As shown in fig. 31, the key system protects both the storage security and the transmission security of keys. In the figure, dotted lines indicate key protection requirements: (1) A dotted line connecting two boxes indicates that when key data is transmitted between those two boxes, a transmission protection master key is used to protect the key data in transit, and the label on the dotted line is the identifier of the protection key used. A pink dotted line indicates that the protection key is one designed by the business system; a green dotted line indicates that the protection key is one designed by this system. (2) The dotted line on the database box indicates that when a key is stored in the database, the key data is encrypted with a set of local master keys.
5.2 Key storage Security
The system uses the local master key (LMK) pair of the cipher machine (HSM) to ensure the storage security of keys.
Two types of local master key pair are designed for this purpose:
(1) SC-lmkPair, the local master key pair of the HSM of the security function center: keys stored in the keystore of the key storage center are encrypted with this key pair.
(2) KMS-lmkPair, the local master key pair of the HSM of the key management center: keys stored by the key management center are encrypted with this key pair.
5.3 Key Transmission Security
Two types of zone master key (ZMK) are designed in the system to ensure the transmission security of keys.
(1) KSS-zmk is the ZMK agreed between the key storage center and the key management center; when the key management center deploys a key to the key storage center, the key to be deployed is encrypted with it. The key storage center agrees a different KSS-zmk with each security function center. The KSS-zmk can be replaced periodically (every one or two years, etc.) according to service security requirements, and digital envelope technology secures the key update during replacement. The update flow is as follows:
The key management center generates the center's RSA key pair, and the public key is distributed to each security function center;
At update time, the security function center first calls its security module to randomly generate a session key, encrypts the session key with the public key of the key management center, and transmits it to the key management center;
The key management center calls its security module to decrypt with the private key and obtain the session key, randomly generates a new KSS-zmk, encrypts the new KSS-zmk with the session key, and returns the session-key-encrypted ciphertext of the new KSS-zmk to the security function center;
The security function center converts the new KSS-zmk ciphertext from session key encryption to cipher machine master key encryption, stores it in the keystore, and the replacement of the KSS-zmk is complete.
(2) KPT-zmk is the ZMK agreed between the key management center and a key printing terminal; when remote key printing is performed, the key management center encrypts the key to be printed with it and transmits the key to the key printing terminal. The key management center agrees a different KPT-zmk with each key printing terminal. The KPT-zmk can be replaced periodically (every one or two years, etc.) according to service security requirements, and digital envelope technology secures the key update during replacement. The update flow is as follows:
The key management center generates the center's RSA key pair, and the public key is distributed to each key printing terminal;
At update time, the key printing terminal first calls its security module to randomly generate a session key, encrypts the session key with the public key of the key management center, and transmits it to the key management center;
The key management center calls its security module to decrypt with the private key and obtain the session key, randomly generates a new KPT-zmk, encrypts the new KPT-zmk with the session key, and returns the session-key-encrypted ciphertext of the new KPT-zmk to the key printing terminal;
The key printing terminal converts the new KPT-zmk ciphertext from session key encryption to encryption under its designated security key, then stores the new KPT-zmk securely, and the update of the KPT-zmk is complete.
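The digital envelope update described for both the KSS-zmk and the KPT-zmk, as an added Go example that is not part of the patent or of any product of its applicant; the three steps are identical for a security function center and a key printing terminal, so one flow serves both. The algorithms are assumptions, since the text only names RSA and "encryption with the session key": RSA-OAEP for the envelope, and AES-256-GCM for wrapping the new ZMK under the session key and then under the endpoint's local master key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewKMCKeyPair generates the KMC RSA pair (2048 bits assumed); its public half goes to every endpoint.
func NewKMCKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// aead builds AES-256-GCM for a 32-byte KEK (GCM as key wrap is an assumption; the patent only says "encrypted").
func aead(kek []byte) cipher.AEAD {
	block, err := aes.NewCipher(kek)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// wrap returns nonce || ciphertext || tag for key under kek (12-byte GCM nonce).
func wrap(kek, key []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand.Read never returns an error in current Go
	return aead(kek).Seal(nonce, nonce, key, nil)
}

// unwrap reverses wrap; a wrong kek, a truncated blob or a modified blob is rejected.
func unwrap(kek, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("wrapped key too short")
	}
	return aead(kek).Open(nil, blob[:12], blob[12:], nil)
}

// Step 2, key management center side: open the envelope with the private key, mint the
// new ZMK and return it under the session key (the KMC's own KMS-lmkPair copy is omitted).
func kmcIssueZMK(priv *rsa.PrivateKey, envelope []byte) (zmk, wrapped []byte, err error) {
	sk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, envelope, nil)
	if err != nil {
		return nil, nil, err // a forged or damaged envelope stops the update here
	}
	zmk = make([]byte, 32)
	rand.Read(zmk)
	return zmk, wrap(sk, zmk), nil
}

// UpdateZMK is the endpoint side: step 1 seals a fresh session key to the KMC public key, step 2
// runs at the KMC, step 3 re-wraps the new ZMK from the session key to local master key lmk.
func UpdateZMK(priv *rsa.PrivateKey, lmk []byte) (kmcZMK, stored []byte, err error) {
	sk := make([]byte, 32)
	rand.Read(sk)
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, sk, nil) // RSA-OAEP assumed
	if err != nil {
		return nil, nil, err
	}
	kmcZMK, wrapped, err := kmcIssueZMK(priv, env) // in deployment only the KMC holds priv
	if err != nil {
		return nil, nil, err
	}
	zmk, err := unwrap(sk, wrapped) // plaintext ZMK exists only inside the endpoint HSM
	if err != nil {
		return nil, nil, err
	}
	return kmcZMK, wrap(lmk, zmk), nil // the KMC's copy beside the LMK-wrapped keystore entry
}
```

UpdateZMK holds both parties' state in one process so the exchange can be run end to end; in deployment only the key management center holds the private key and only the endpoint's HSM holds the local master key.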
When a service key has to be transmitted between a security function center and a service system (application system), or between the security function center and the key management system, the key to be transmitted is encrypted directly with the zone master key (app-zmk) designed by the service system.
As shown in fig. 32, when a key is transmitted it is encrypted directly with the zone master key of the target node, and the intermediate nodes through which the key message passes do not convert (re-encrypt) the key ciphertext. In the figure, dotted lines represent key transmission paths, and the text on each dotted line describes the encryption used during that transmission.
5.4 Network Security
The key management center and the security function center are deployed in the production network segment, and the network security level of the key management center and the security function center is consistent with that of the core service system.
The operation and maintenance center and the monitoring center are deployed in an operation and maintenance management network segment.
A dedicated key management web server is set up between the key management center and the key management client to securely isolate the management domain from the production domain.
5.5 System Security
The security function center and the key management center only allow systems with designated IP addresses to access designated MAC addresses through designated ports.
Operators of the key management center and the operation and maintenance center can log in to the management interface, and perform operations there, only after signature-based authentication.
When operators of the key management center and the operation and maintenance center perform operations through the management interface, the management interface calls the security module to encrypt the request message data before sending it. The back-end system likewise calls the security module to encrypt its response to the management interface before returning it.
5.6 User rights settings
Multiple user permission levels are set, and for each level of user the configuration covers:
Interface layer: operating interfaces for different functions.
Service layer: different sets of authorized functions.
Data layer: different viewable data and different modifiable data.
Authorization for a particular operation at a given level can be revoked at any time through rights control.
A binding between users and management institutions is set, so that a user can only see the data of their own management institution. For users belonging to the head office, a designated head office user can be configured to see all data of the head office.
The foregoing is merely a preferred embodiment of the present invention; it should be noted that those skilled in the art may make modifications and adaptations without departing from the concept of the present invention, and such modifications and adaptations are intended to fall within the scope of the present invention.
Claims (3)
1. A unified managed cryptographic service support system, characterized in that: the system comprises a security service subsystem, a key management subsystem and a monitoring subsystem, wherein the key management subsystem provides key information to the security service subsystem, and the monitoring subsystem monitors the security service subsystem and the key management subsystem;
the security service subsystem extracts keys from the key library, supports access by multiple types of cipher machines and other security devices, and configures different security messages for accessing the application system through the security gateway;
the key management subsystem extracts key related information from the key file and the management configuration database, supports access by a cipher machine, and is connected through a key management Web end to a key management interface and an operation and maintenance interface; the key management interface is operated by a manager and is connected to a key printing terminal, through which key envelopes are printed by the cipher machine, and the operation and maintenance interface is operated by IT operation and maintenance personnel;
the monitoring subsystem is operated by IT monitoring personnel through a monitoring interface;
the security service subsystem comprises a monitoring service module, a service access module and a security service module, wherein the monitoring service module provides monitoring information on the various management and operation states of the key storage center to the monitoring subsystem, the service access module provides the service communication access function for the service system, and the security service module completes the processing of the various security services and can be extended as service scenarios change;
the key management subsystem comprises a monitoring service module, a configuration management module, an automatic key update module, a local key management service module, a remote key update service module, a key synchronization service module, a key update module, a key synchronization request module and a key deployment request module, wherein the key synchronization request module comprises a real-time synchronization request module and a delayed synchronization request module; the key management subsystem is provided with a key synchronization service channel, a key deployment service channel, a key update service channel and a monitoring service channel, wherein the key synchronization service channel caches key synchronization requests sent by the key management subsystem to other key management centers, the key deployment service channel caches key storage requests sent by the key management subsystem to the key storage center, the key update service channel caches keys to be updated, and the monitoring service channel caches monitoring requests sent by the key management subsystem to the monitoring subsystem;
the monitoring subsystem comprises an encryptor monitoring module, an encryptor monitoring agent module and a monitoring WEB application module; the encryptor monitoring module provides services to the encryptor monitoring agent module and the WEB application module over TCP/IP, and also supports probing the encryptor directly, without the encryptor monitoring agent module, to collect the encryptor's real-time operation data; the encryptor monitoring agent module obtains the monitoring configuration of the encryptor, collects the running state data of the encryptor in real time according to that configuration, and sends the collected data to the encryptor monitoring system in real time; the monitoring WEB application module provides the configuration management and real-time data monitoring functions of the monitoring subsystem to users with different roles;
the security service subsystem reserves a classified service extension slot and a service element extension slot;
keys are divided into device master keys, host keys, transmission keys and working keys, each key has a life cycle comprising generation, distribution, use, update, storage, recovery and destruction, and the key management subsystem controls each stage of the key life cycle;
the monitoring subsystem adopts a standard integration interface.
2. A unified cryptographic service support method employing the unified managed cryptographic service support system of claim 1, comprising the steps of:
S1) Key generation
The key is generated manually or randomly generated by the encryption machine;
S2) Key distribution, update and preservation
The key management subsystem automatically updates keys according to the update policy and synchronizes them to the security service subsystem by key distribution or synchronization; the security service subsystem distributes transmission keys to the business system; the key stores of the key management subsystem and the security service subsystem hold all keys;
S3) Key usage
All keys are used centrally in the security service subsystem, which provides a security interface API or a security message protocol for the service system to call;
S4) Key discarding
A discard operation is applied to keys that are no longer in use.
3. The unified managed cryptographic service support method according to claim 2, wherein the key management subsystem and the security service subsystem set a policy to flexibly back up keys.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010663236.9A CN111800267B (en) | 2020-07-10 | 2020-07-10 | Password service supporting system for unified management |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111800267A CN111800267A (en) | 2020-10-20 |
| CN111800267B true CN111800267B (en) | 2024-04-30 |
Family
ID=72806802
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010663236.9A Active CN111800267B (en) | 2020-07-10 | 2020-07-10 | Password service supporting system for unified management |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111800267B (en) |
- 2020-07-10: CN202010663236.9A filed in CN (patent CN111800267B, status active)
Also Published As
| Publication number | Publication date |
|---|---|
| CN111800267A (en) | 2020-10-20 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | CB02 | Change of applicant information | Address after: Xinyada technology building, 3888 Jiangnan Avenue, Binjiang District, Hangzhou City, Zhejiang Province 310051; Applicant after: Sinyada Technology Co.,Ltd.; Address before: Xinyada technology building, 3888 Jiangnan Avenue, Binjiang District, Hangzhou City, Zhejiang Province 310051; Applicant before: SUNYARD SYSTEM ENGINEERING Co.,Ltd. |
| | GR01 | Patent grant | |