Key management plays a crucial role in cryptography, as the basis for secure information exchange, data identification and integrity. There are software and hardware key management tools that support Crypto APIs and Cryptography Next Generation APIs(CNG API), Public Key Cryptography Standards (PKCS). These tools store cryptographic keys on hard disks, smart cards, tokens, and in other storage media. To use the cryptographic keys stored on these smart cards and tokens, you need to connect them to the appropriate hardware. The cryptographic keys stored on the hard drives of a computer or a laptop are used by the programs of these devices. If it becomes necessary to use a single key in different systems, then you will have to create copies of the key on all these devices. This complicates the process of key management, raises tasks of securely store keys, keys access control. This paper proposes a distributed system model for key management and a protocol of interaction of the distributed system modules. The proposed model provides the ability to store keys in a smartphone, and access to keys from other devices. The system described in the model consists of 3 modules. The module 1 has computer version and smartphone version, and serves to send a request for signing, signature verification, hashing. The module 2, a smartphone software, provides key pair generation, storing, encrypting and decrypting, archiving keys, export/import keys, keys access control, and destroying keys. The module 3, web service, provides communication of the first and second modules. In addition, the system, which was created based on the current model, provides the ability to use digital signatures in web applications. The Module 1 operates as a local web service that accepts requests from a web page running in a browser. A special script in a web page sends http requests that include cryptographic operations to the specified localhost port and accepts responses.
1. NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, Annabelle Lee, Security Technology Group -Computer Security Division -National Institute of Standards and Technology Gaithersburg, MD 20899-8930. 2. Björkqvist M. et al. (2010) “Design and Implementation of a Key-Lifecycle Management System”, International Conference on Financial Cryptography and Data Security, pp 160-174. 3. Acar T., Belenkiy, M., Ellison, C., & Nguyen, L. (2010). Key management in distributed systems. Microsoft Research (pp. 1–14). Retrieved from http://docplayer.net/11794546-Key-management-in-distributed-systems.html 4. Shettar, I. M., (2016) Quick Response (QR) Codes in Libraries: Case study on the use of QR codesin the Central Library, NITK. Proc. TIFR-BOSLA National Conference on Future Librarianship-2016, 129-134. 5. Sangeeta Singh, “QR Code Analysis”, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 6, Issue 5, May 2016. 6. Cui Y., Peng Z., Song W., Li X., Cheng F., Ding L. (2014) A Time-Based Group Key Management Algorithm Based on Proxy Re-encryption for Cloud Storage. Asia-Pacific Web Conference 2014: Web Technologies and Applications pp 117-128. DOI https://doi.org/10.1007/978-3-319-11116-2_11. 7. Toorani, M., & Shirazi, A. A. B. (2008). LPKI - A lightweight public key infrastructure for the mobile environments. In 2008 11th IEEE Singapore International Conference on Communication Systems, ICCS 2008 (pp. 162–166). https://doi.org/10.1109/ICCS.2008.4737164 8. Gan, S., Gu, C., & Zhang, X. (2010). A PKI-based authentication approach for E-Business systems. In 2010 2nd International Symposium on Information Engineering and Electronic Commerce, IEEC 2010 (pp. 187–190). https://doi.org/10.1109/IEEC.2010.5533219 9. Reddy, A. G., Das, A. K., Yoon, E. J., & Yoo, K. Y. (2016). A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography. IEEE Access, 4, 4394–4407. https://doi.org/10.1109/ACCESS.2016.2596292 10. Kenney, M., & Pon, B. (2011). Structuring the smartphone industry: Is the mobile Internet OS platform the key? Journal of Industry, Competition and Trade, 11(3), 239–261. https://doi.org/10.1007/s10842-011-0105-6 11. Song, X., & Chen, Z. (2008). A distributed electronic authentication scheme in E-Business system. In Proceedings of the International Symposium on Electronic Commerce and Security, ISECS 2008 (pp. 343–346). https://doi.org/10.1109/ISECS.2008.125 12. Buchmann, J. A., Karatsiolis, E., & Wiesmaier, A. (2013). Introduction to public key infrastructures. Introduction to Public Key Infrastructures (pp. 1–187). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40657-7 13. Dubenskaya, J., Kryukov, A., Demichev, A., & Prikhodko, N. (2016). New security infrastructure model for distributed computing systems. In Journal of Physics: Conference Series (Vol. 681). Institute of Physics Publishing. https://doi.org/10.1088/1742-6596/681/1/012051 14. Liu, Y., Yang, J., & Liu, M. (2008). Recognition of QR Code with mobile phones. In Chinese Control and Decision Conference, 2008, CCDC 2008 (pp. 203–206). https://doi.org/10.1109/CCDC.2008.4597299 15. Sutheebanjard, P., & Premchaiswadi, W. (2010). QR-code generator. In Proceedings - 2010 8th International Conference on ICT and Knowledge Engineering, ICT and KE 2010 (pp. 89–92). https://doi.org/10.1109/ICTKE.2010.5692920 16. Lorenzi, D., Vaidya, J., Chun, S., Shafiq, B., & Atluri, V. (2014). Enhancing the government service experience through QR codes on mobile platforms. Government Information Quarterly, 31(1), 6–16. https://doi.org/10.1016/j.giq.2013.05.025 17. Liébana-Cabanillas, F., Ramos de Luna, I., & Montoro-Ríos, F. J. (2015). User behaviour in QR mobile payment system: the QR Payment Acceptance Model. Technology Analysis and Strategic Management, 27(9), 1031–1049. https://doi.org/10.1080/09537325.2015.1047757 18. Walsh, A. (2010). QR Codes – using mobile phones to deliver library instruction and help at the point of need. Journal of Information Literacy, 4(1). https://doi.org/10.11645/4.1.1458 19. Liao, K. C., & Lee, W. H. (2010). A novel user authentication scheme based on QR-code. Journal of Networks, 5(8), 937–941. https://doi.org/10.4304/jnw.5.8.937-941 20. Kieseberg, P., Leithner, M., Mulazzani, M., Munroe, L., Schrittwieser, S., Sinha, M., & Weippl, E. (2010). QR code security. In MoMM2010 - 8th International Conference on Advances in Mobile Computing and Multimedia (pp. 430–435). https://doi.org/10.1145/1971519.1971593 21. Nseir, S., Hirzallah, N., & Aqel, M. (2013). A secure mobile payment system using QR code. In 2013 5th International Conference on Computer Science and Information Technology, CSIT 2013 - Proceedings (pp. 111–114). https://doi.org/10.1109/CSIT.2013.6588767 22. Finžgar, L., & Trebar, M. (2011). Use of NFC and QR code identification in an electronic ticket system for public transport. In 2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011 (pp. 81–86). 23. Lu, J., Yang, Z., Yuan, W., Li, L., Chang, C. C., & Li, L. (2017). Multiple Schemes for Mobile Payment Authentication Using QR Code and Visual Cryptography. Mobile Information Systems, 2017. https://doi.org/10.1155/2017/4356038 24. Stallings, W. (2013). Digital Signature Algorithms. Cryptologia, 37(4), 311–327. https://doi.org/10.1080/01611194.2013.797044
Aripov, Mersaid prof. and Alayev, Ruhillo Habibovich
"DISTRIBUTED SYSTEM MODEL FOR KEY MANAGEMENT,"
Bulletin of TUIT: Management and Communication Technologies: Vol. 1
, Article 5.
Available at: https://uzjournals.edu.uz/tuitmct/vol1/iss1/5