With the popularization of networks and continuous development of network technologies, an increasing number of cryptographic technologies are applied to portable low-security mobile devices, making it easy for an attacker to hack into such mobile devices and obtain keys. However, for a traditional cryptographic system totally dependent upon a key, once the key is exposed, all cryptographic operations relevant to the key become invalid. Therefore, as an effective method for reducing the risk of key exposure, a key self-protection technology is applied to an increasing number of fields.
The basic idea of a key insulation technology is to divide a private key of a user into two parts, namely, a temporary private key stored in a user equipment and a helper key stored in a helper device (“helper”). The user equipment has a great computing capability but low security, while the helper has a poor computing capability but high physical security. The entire system lifecycle is divided into several time segments. Throughout that lifecycle, the public key of the user remains unchanged, while the temporary private key for each time segment is updated regularly through interaction between the user equipment and the helper. The user uses different temporary private keys in different time segments, so that exposure of a temporary private key in a certain time segment does not harm security in another time segment, thereby greatly reducing harm caused by key exposure.
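The update flow described above, as an added example that is not taken from this document: a toy polynomial-based key-insulated ElGamal variant in which the public key stays fixed while the device key changes per time segment. The group parameters, function names and the polynomial construction itself are assumptions chosen for illustration.

```python
import secrets

# Toy group constructed for this example (far too small for real use):
# P = 2*Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 1019, 509, 4
T = 2  # degree of f; T + 1 period keys are needed to interpolate f

def keygen(coeffs=None):
    """Return (public_key, device_key_0, helper_key) for f(x) = sum x_k * x^k."""
    coeffs = coeffs or [secrets.randbelow(Q - 1) + 1 for _ in range(T + 1)]
    public_key = [pow(G, c, P) for c in coeffs]   # never changes afterwards
    return public_key, coeffs[0], coeffs[1:]      # x_0 is never given to the helper

def helper_update(helper_key, old, new):
    """Helper side: partial key that moves the device from period old to new."""
    return sum(x * (pow(new, k, Q) - pow(old, k, Q))
               for k, x in enumerate(helper_key, start=1)) % Q

def device_update(sk_old, partial):
    """Device side: SK_new = SK_old + partial = f(new) mod Q."""
    return (sk_old + partial) % Q

def period_public_key(public_key, period):
    """Anyone can derive g^f(period) from the unchanged public key."""
    pk = 1
    for k, y in enumerate(public_key):
        pk = pk * pow(y, pow(period, k, Q), P) % P
    return pk

def encrypt(public_key, period, m):
    """ElGamal encryption of m (1 <= m < P) addressed to one time segment."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(period_public_key(public_key, period), r, P) % P

def decrypt(sk, c):
    """Recover m with the temporary private key of the matching time segment."""
    c1, c2 = c
    return c2 * pow(c1, Q - sk, P) % P   # c1 has order Q, so c1^(Q-sk) = c1^(-sk)

if __name__ == "__main__":
    pk, sk, hk = keygen()
    for period in (1, 2):                      # device key walks 0 -> 1 -> 2
        sk = device_update(sk, helper_update(hk, period - 1, period))
    print(decrypt(sk, encrypt(pk, 2, 123)))    # ciphertext addressed to period 2
```

A temporary key from one time segment fails to decrypt a ciphertext addressed to another, and the helper key alone never yields a period key because it lacks the device's share `x_0`.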
During implementation, key insulation solutions in the prior art generally require presetting a lifecycle of a key system. After the lifecycle ends, the key system can no longer be used, so such solutions are poor in flexibility.