A new scheme for protecting master-key of data centre web server in online banking

Abstract

The master-key is used to encrypt the operation-key, and the operation-key is applied to encrypt the transport-key, consequently safety protection of the master-key is security core in online banking system. A scheme to protect the master-key was presented. Using method of 3-out-4 key share and LaGrange formula, the shares of the master-key were distributed to one synthesizing card and four key servers. When the data centre web server needed the master-key, the synthesizing card firstly authenticated the legitimacy of the shares of randomly selected three key severs from the four by zero-knowledge proof technology, once the shares were modified and destroyed, rest shares could make up a group so that the system worked continuously. Then the synthesizing card synthesized the master-key based on the shares of those three key severs. Security analysis proves that this scheme makes the whole system to have fault-tolerant and error detection, and also shows no-information leakage and defending collusive attack. © 2010 Springer-Verlag Berlin Heidelberg.