摘要：【中文】本发明提供了一种密码资源池系统、加密方法、电子设备及存储介质，该系统包括：密码计算池CCP，所述密码计算池CCP是由一个内部网络域的多台通用服务器组成，所述通用服务器上部署软件密码单元S‑CCU，在所述CCP中，以S‑CCU分组为单位进行主密钥申请和使用，所述S‑CCU完成密码运算；系统级密钥管理系统S‑KMS，所述S‑KMS用以向所述S‑CCU提供密钥产生、密钥分发及密钥销毁服务，并基于该系统实现了数据的加密方法，其将密钥的安全产生、安全存储和安全使用分离开来，优化密码计算资源，提高了密码运算的效率，提高了系统的安全性，降低对专用密码设备如密码机、签名验签服务器的依赖，降低了密码服务的成本。 【EN】The invention provides a password resource pool system, an encryption method, electronic equipment and a storage medium, wherein the system comprises: the CCP comprises a plurality of general servers of an internal network domain, wherein a software cryptographic unit S-CCU is deployed on the general servers, in the CCP, master key application and use are carried out by taking S-CCU groups as units, and the S-CCU completes cryptographic operation; the system level key management system S-KMS is used for providing key generation, key distribution and key destruction services for the S-CCU, and a data encryption method is realized based on the system, so that the key is separated from safe generation, safe storage and safe use, the password computing resources are optimized, the efficiency of password operation is improved, the system safety is improved, the dependence on special password equipment such as a password machine and a signature verification server is reduced, and the cost of the password service is reduced.

摘要：【中文】本发明提供了一种联盟链的数据保护方法及系统，所述方法包括：客户端向背书节点发送交易提案；背书节点对所述交易提案进行背书得到提案应答，并将所述提案应答发送至客户端；客户端根据所述提案应答得到所述交易提案的交易并发送至排序节点进行共识排序；所述排序节点对所述交易按时间排序，以及按通道将所述交易打包得到打包区块并发送至记账节点；所述记账节点对所述打包区块中的交易进行验证，将验证有效的所述打包区块加密后存储至本地。根据本发明的方法及系统，通过将存储加密机制引入联盟链，弥补记账节点在数据保护方面的不足，增强对上链数据隐私性的保护，保证了交易和数据的安全性。 【EN】The invention provides a data protection method and a system of a alliance chain, wherein the method comprises the following steps: the client sends a transaction proposal to the endorsement node; the endorsement node endorses the transaction proposal to obtain a proposal response and sends the proposal response to the client; the client side obtains the transaction of the transaction proposal according to the proposal response and sends the transaction to a sequencing node for consensus sequencing; the sequencing node sequences the transactions according to time, packages the transactions according to channels to obtain a packaging block and sends the packaging block to an accounting node; and the accounting node verifies the transaction in the packaging block, encrypts the packaging block which is verified to be effective and stores the packaging block to the local. According to the method and the system, the storage encryption mechanism is introduced into the alliance chain, so that the defect of the accounting node in the aspect of data protection is overcome, the protection of uplink data privacy is enhanced, and the safety of transaction and data is ensured.

摘要：【中文】本发明给出了一种用于短效证书的签发管理方法和系统，包括证书签发机构根据请求生成密钥分量b_i，利用证书请求包中的公钥A_i，计算获得公钥P_i，基于证书策略和公钥P_i签发数字证书，并利用公钥A_i加密数字证书cert_i和密钥分量b_i并返回第一响应数据；终端向终端管理系统发出激活私钥的请求，终端解密终端管理系统返回的第二响应数据，计算验证数字证书对应的私钥a是否与公钥P_i匹配；终端安装并激活证书签发机构为终端签发的终端实体证书，利用激活的私钥a进行数字签名。本发明可以降低密码芯片的存储和计算能力，降低了软件和硬件的复杂度。 【EN】The invention provides a method and a system for issuing and managing a short-lived certificate, which comprise a certificate issuing organization generating a key component b according to a request_iUsing the public key A in the certificate request packet_iComputing to obtain the public key P_iBased on certificate policy and public key P_iIssue digital certificate and utilize public key A_iEncrypted digital certificate cert_iAnd a key component b_iAnd returning the first response data; the terminal sends a request for activating the private key to the terminal management system, decrypts second response data returned by the terminal management system, and calculates whether the private key a corresponding to the verification digital certificate is the public key P_iMatching; the terminal installs and activates the terminal entity certificate issued by the certificate issuing organization for the terminal, and the activated private key a is used for carrying out digital signature. The invention can reduce the storage and calculation capacity of the cipher chip and reduce the complexity of software and hardware.