摘要
目前广泛采用的私钥保存方法是使用用户密码将私钥加密后保存在用户存储设备上,但当该存储设备被攻击者获取时,攻击者很容易使用离线字典猜测攻击获取用户私钥.本文提出一种利用在线服务器协助签名和解密的方法来安全保存并使用用户私钥的方案,用户必须通过在线服务器的认证和协作才能使用存储在用户设备上的私钥.攻击者即使获得用户设备也无法离线猜测用户密码来获取私钥.本方案具有分布式的私钥安全保存,及时的证书撤销和分布式信任管理等优点.
Common practice of protecting private key from compromise was to enerypt it with a password and store it in the user's storage device. However, the private key was vulnerabled to offline dictionary attack when the device is captured by an adversary. This paper presents a private key storage and employment scheme which requires the client to authenticate to an online server in order to collaboratively compute the private key cryptographic operations. The proposed scheme has the advantages of secure private key storage, immediate certificate revocation and distributed trust management.
出处
《小型微型计算机系统》
CSCD
北大核心
2006年第4期638-641,共4页
Journal of Chinese Computer Systems
基金
中国科学院知识创新工程下一代因特网综合环境(2001AA2130)子项目(2001AA112136)资助
关键词
人证
私钥
签名
解密
zauthentication
private key
signature
decryption