CN101257380A - User entity for self-generating public key certificate and system and method for managing public key certificate - Google Patents


Publication number
CN101257380A
Authority
CN
China
Prior art keywords
user subject
public key
key certificate
certificate
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008100041985A
Other languages
Chinese (zh)
Inventor
刘胜利
赖俊祚
陈克非
张庆胜
郭宝安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CNA2008100041985A priority Critical patent/CN101257380A/en
Publication of CN101257380A publication Critical patent/CN101257380A/en
Pending legal-status Critical Current

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a system and a method by which a user entity self-generates and manages its public key certificate, comprising: a user entity; a trusted third party, which exchanges data with the user entity and generates a partial private key for the user entity; and a server, which stores the public key certificate that the user entity itself generates or updates. Any user entity is allowed to access the server and query the public keys of others, but is only allowed to modify and update its own public key certificate.

Description

User subject self-generating a public key certificate, and system and method for managing the public key certificate
Technical field
The present invention relates to digital information security technology, and in particular to a system in which a user subject self-generates and manages its public key certificate, and to the corresponding method implemented by that system.
Background technology
For cryptographic algorithms, the most important function of a PKI (Public Key Infrastructure) is to issue user subjects' public keys and the corresponding certificates securely and with integrity, so that a user subject can safely use the public keys and certificates of other user subjects. PKI is the foundation of today's network security components and applications, such as SSL, IPsec, https, PGP and SET; it is because PKI provides this foundation that secure applications such as e-mail communication, e-commerce and electronic voting become possible. Fig. 1 is a structural diagram of an existing PKI system. The PKI mainly comprises a CA (Certificate Authority) and a number of user subjects 1 that apply for public key certificates: a user subject 1 applies to the CA for a public key certificate, and the CA issues the certificate to the user subject. Divided by function, the CA consists of two parts that carry out its main functions:
(1) The Registration Authority 2, abbreviated RA, is responsible for recording the information of user subject 1 and authenticating user subject 1.
(2) The Key Management Server 3, abbreviated KMS. After RA 2 has authenticated user subject 1, KMS 3 generates a public/private key pair for user subject 1 and issues a public key certificate to it. The public key certificate mainly contains the identity information of user subject 1, the public key of user subject 1, the issue date and validity period of the certificate, and the CA's signature over the hash value of this information. KMS 3 delivers the corresponding private key and the public key certificate to user subject 1.
Information such as the public key certificates of user subjects 1 is stored in the certificate database 31.
The public key certificates of user subjects 1 that have been revoked are stored in the certificate revocation list 32.
KMS 3 manages the public key certificates of user subjects, maintains the certificate database 31 and the certificate revocation list 32, and provides an online service to user subjects.
When user subject A wants to use the public key certificate of user subject B, it first queries the CA's certificate revocation list server to see whether the public key certificate of user subject B is on the revocation list. If it is, the public key certificate of user subject B is no longer valid; otherwise the certificate can be used. The public key certificate binds the information of user subject B to the public key of user subject B, and because the CA is a trusted third party, the CA's signature on the certificate in effect expresses the authenticity and verifiability of the certificate.
A CA-centred PKI nevertheless has some inherent defects. The CA's work is complex and heavy, especially the management of the public key certificates of user subjects 1: the CA is responsible for generating, maintaining and revoking certificates. As the number of user subjects 1 grows, the CA's management task becomes increasingly complex and heavy.
When applying to the CA for a certificate, user subject 1 needs to prove to the CA that its private key and public key match. At present there are mainly two methods of generating the public key and private key of user subject 1:
In the first method, described above, the Key Management Server KMS 3 in the CA generates the public key and private key on behalf of user subject 1 and then hands both to user subject 1. This means the CA in fact knows the private key of user subject 1, which violates the privacy of that private key. Although the CA is a trusted third party, the CA holding the private key of user subject 1 still increases the chance that the private key leaks.
In the second method, user subject 1 generates the public and private keys itself, submits the public key to the CA and keeps the private key. The benefit of this method is that the CA does not know the private key of user subject 1; the drawback is that user subject 1 must prove that it knows the private key corresponding to the public key submitted to the CA, which requires complex zero-knowledge proof techniques.
In view of the above defects, the inventors arrived at the present invention after long research and practice.
Summary of the invention
The object of the present invention is to provide a system and method by which a user subject self-generates and manages its public key certificate, in order to overcome the above defects.
To achieve this object, the technical solution adopted by the present invention first provides a system in which a user subject self-generates and manages its public key certificate, comprising:
A user subject;
A trusted third party, which exchanges data with the user subject and generates a partial private key for the user subject;
A server, which stores the public key certificate that the user subject itself generates or updates.
Any user subject is allowed to access the server and query public key certificates, but is only allowed to modify and update its own public key certificate.
The invention next provides a method by which a user subject self-generates and manages its public key certificate, implemented by the above system and comprising the following steps:
Step a: generate the system parameters needed to set up the system;
Step b: the user subject and the trusted third party carry out a confidential data exchange, in which the trusted third party participates in generating the partial private key of the user subject;
Step c: the user subject uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate;
Step d: the server uses the public key certificate of the user subject and the system parameters to verify the correctness of the user subject's public key certificate.
Step a, generating the system parameters needed to set up the system, comprises:
Step a1: select a large prime p according to the security parameter λ;
Step a2: select a group G of order p;
Step a3: choose an element x of $Z_p^*$ at random;
Step a4: choose at random from the group G an element g that is not the identity element;
Step a5: compute $y = g^x$ in the group G;
Step a6: select a hash function, denoted $H: \{0,1\}^* \to Z_p$;
Step a7: output the public parameters param = (p, G, g, y) and the master key x.
Step b, in which the user subject and the trusted third party carry out a confidential data exchange and the trusted third party participates in generating the partial private key of the user subject, comprises:
Step b1: the user subject chooses an element z of $Z_p^*$ at random;
Step b2: the user subject computes $u = g^z$ in the group G, where g is one of the public parameters of the system;
Step b3: the user subject sends u to the trusted third party;
Step b4: after receiving u, the trusted third party outputs the private key s and the auxiliary verification information w;
Step b5: the user subject verifies the validity of the partial private key s generated by the trusted third party; if it is valid, step b6 follows, otherwise step b1 is executed again;
Step b6: the private key of the user subject has two parts: the partial private key generated by the user subject is $sk_1 = z$, and the partial private key generated for the user subject by the trusted third party is $sk_2 = s$.
Step b4, in which the trusted third party outputs the private key s and the auxiliary verification information w after receiving u, comprises:
Step b41: choose an element t of $Z_p^*$ at random;
Step b42: compute the auxiliary verification information $w = g^t$;
Step b43: compute the partial private key $s = t + x \cdot H(ID \| uw)$, where the hash function H is a public parameter and ID is the identity information of the user subject.
Step c, in which the user subject uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate, comprises:
Step c1: the user subject obtains the system parameters param and the partial private keys $sk_1$ and $sk_2$;
Step c2: the user subject chooses an element k of $Z_p^*$ at random;
Step c3: compute the complete private key $sk = sk_1 + sk_2 + k = z + s + k$;
Step c4: compute the intermediate quantity $pk^{(1)} = uw = g^{z+t}$;
Step c5: compute the intermediate quantity $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot g^k = g^{z+s+k}$;
Step c6: compute the intermediate quantity $pk^{(3)} = g^k$;
Step c7: choose an element r of $Z_p^*$ at random and compute the intermediate quantity $pk^{(4)} = (R, \delta)$;
Step c8: the public key of the user subject is $pk = (pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)})$;
Step c9: the public key certificate of the user subject is $cert = (ID \| pk \| time \| validity) = (ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)} \| time \| validity)$, where time is the certificate generation time, validity is the validity period of the certificate, and $\|$ denotes concatenation.
Step c7, choosing an element r of $Z_p^*$ at random and computing the intermediate quantity $pk^{(4)} = (R, \delta)$, comprises:
Step c71: compute $R = g^r$;
Step c72: compute $\delta = r + sk \cdot H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)$.
Step d, using the public key certificate of the user subject and the system parameters to verify the correctness of the user subject's public key certificate, comprises:
Step d1: if the current time is within the validity period of the certificate, proceed to step d2; otherwise go to step d4;
Step d2: check whether $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot pk^{(3)}$ holds; if it holds, proceed to step d3; otherwise go to step d4;
Step d3: check whether $g^{\delta} = R \cdot (pk^{(2)})^{H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)}$ holds; if it holds, the certificate is considered valid; otherwise go to step d4;
Step d4: the public key certificate of the user subject is found to be invalid.
Compared with the prior art, the beneficial effect of the present invention is that the function of generating and managing user subjects' certificates, which is concentrated in the CA in a traditional PKI, is distributed to the individual user subjects: with the help of a trusted third party, each user subject generates its own certificate and is also responsible for managing it. Self-managed certificates avoid all the drawbacks that the CA's centralized management brings in a traditional PKI. In addition, the method and system provided by the present invention, by which a user subject self-generates its certificate, are applicable to any public key encryption or digital signature scheme based on the discrete logarithm.
Description of drawings
Fig. 1 is a structural diagram of an existing public key certificate generation system;
Fig. 2 is a structural diagram of the system of the present invention in which a user subject self-generates and manages its public key certificate;
Fig. 3 is a flow chart of the method of the present invention by which a user subject self-generates and manages its public key certificate.
Embodiment
The above and other technical features and advantages of the present invention are described in more detail below with reference to the drawings.
Fig. 2 is a structural diagram of the system of the present invention in which a user subject self-generates and manages its public key certificate. It comprises: a user subject 1; a trusted third party 4, which exchanges data with user subject 1 and generates a partial private key for user subject 1; and a server 5, which stores the public key certificate that the user subject itself generates or updates and is backed by a database. The trusted third party 4 provides an authentication service for user subject 1 and, once authentication succeeds, generates the partial private key for user subject 1.
After the trusted third party 4 has authenticated user subject 1, it notifies server 5 to open an account for user subject 1 and provide it with an FTP service. User subject 1 uploads its public key certificate to its own account. Every user subject 1 in the system has the right to upload, modify and maintain data in its own account on server 5 in real time, but for the accounts of other user subjects it has only the right to download data, not the right to modify it.
Fig. 3 is a flow chart of the method of the present invention by which a user subject self-generates and manages its public key certificate. It comprises the steps of:
Step a: generate the system parameters needed to set up the system;
Step b: user subject 1 exchanges data with the trusted third party 4, and the trusted third party 4 participates in generating the partial private key of user subject 1;
Step c: user subject 1 uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate;
Step d: server 5 uses the public key certificate of user subject 1 and the system parameters to verify the correctness of the public key certificate of user subject 1.
The steps are described in detail below. In the method of the present invention, the procedure for generating the system parameters needed to set up the system comprises:
Step a1: select a large prime p according to the security parameter λ;
Step a2: select a group G of order p;
Step a3: choose an element x of $Z_p^*$ at random;
Step a4: choose at random from the group G an element g that is not the identity element;
Step a5: compute $y = g^x$ in the group G;
Step a6: select a hash function, denoted $H: \{0,1\}^* \to Z_p$;
Step a7: output the public parameters param = (p, G, g, y) and the master key x.
To illustrate the above procedure for generating the system parameters, the ElGamal public key encryption system is taken as an example below; it is implemented as:
Step (a1): select a large prime p of at least λ bits;
Step (a2): compute q = 2p + 1; if q is prime, continue with the following steps, otherwise return to step (a1);
Step (a3): choose an element h of $Z_q^*$ at random and set $g \equiv h^2 \bmod q$;
Step (a4): select the multiplicative group G of order p generated by g;
Step (a5): choose an element x of $Z_p^*$ at random and compute $y \equiv g^x \bmod q$ in the group G;
Step (a6): select a hash function, denoted $H: \{0,1\}^* \to Z_p$;
Step (a7): output the public parameters param = (p, q, G, H, g, y) and the master key x.
The trusted third party publishes param to the whole system.
The user subject 1 of system is submitted register requirement to trusted third party 4, when trusted third party 4 registers, the identity of checking user subject 1, if the authentication of user subject 1 is passed through, described trusted third party 4 participates in generating the part private key of described user subject 1, otherwise it can denial of service.
In a preferred embodiment of the method of the present invention, the procedure in which user subject 1 exchanges data with the trusted third party 4 and the trusted third party 4 participates in generating the partial private key of user subject 1 comprises:
Step b1: user subject 1 chooses an element z of $Z_p^*$ at random;
Step b2: user subject 1 computes $u = g^z$ in the group G, where g is one of the public parameters of the system;
Step b3: user subject 1 sends u to the trusted third party 4;
Step b4: after receiving u, the trusted third party 4 outputs the private key s and the auxiliary verification information w. This step is refined as:
Step b41: choose an element t of $Z_p^*$ at random;
Step b42: compute the auxiliary verification information $w = g^t$;
Step b43: compute the partial private key $s = t + x \cdot H(ID \| uw)$, where the hash function H is a public parameter and ID is the identity information of user subject 1;
Step b5: user subject 1 verifies the validity of the partial private key s generated by the trusted third party 4; if it is valid, step b6 follows, otherwise step b1 is executed again;
Step b6: the private key of user subject 1 has two parts: the partial private key generated by user subject 1 is $sk_1 = z$, and the partial private key generated for user subject 1 by the trusted third party 4 is $sk_2 = s$.
In a preferred embodiment of the method of the present invention, the procedure in which the user subject uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate comprises:
Step c1: user subject 1 obtains the system parameters param and the partial private keys $sk_1$ and $sk_2$;
Step c2: user subject 1 chooses an element k of $Z_p^*$ at random;
Step c3: compute the complete private key $sk = sk_1 + sk_2 + k = z + s + k$;
Step c4: compute the intermediate quantity $pk^{(1)} = uw = g^{z+t}$;
Step c5: compute the intermediate quantity $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot g^k = g^{z+s+k}$;
Step c6: compute the intermediate quantity $pk^{(3)} = g^k$;
Step c7: choose an element r of $Z_p^*$ at random and compute the intermediate quantity $pk^{(4)} = (R, \delta)$;
This step is refined as:
Step c71: compute $R = g^r$;
Step c72: compute $\delta = r + sk \cdot H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)$;
Step c8: the public key of the user subject is $pk = (pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)})$;
Step c9: the public key certificate of the user subject is $cert = (ID \| pk \| time \| validity) = (ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)} \| time \| validity)$, where time is the certificate generation time, validity is the validity period of the certificate, and $\|$ denotes concatenation.
User subject 1 uploads its public key certificate cert to its own account on server 5. In the method of the present invention, the procedure for verifying the correctness of the public key certificate of user subject 1, using that certificate and the system parameters, comprises:
Step d1: if the current time is within the validity period of the certificate, proceed to step d2; otherwise go to step d4;
Step d2: check whether $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot pk^{(3)}$ holds; if it holds, proceed to step d3; otherwise go to step d4;
Step d3: check whether $g^{\delta} = R \cdot (pk^{(2)})^{H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)}$ holds; if it holds, the certificate is considered valid; otherwise go to step d4;
Step d4: the public key certificate of user subject 1 is found to be invalid.
After the public key certificate of user subject 1 expires, user subject 1 must update its private key and the corresponding public key certificate. To update, steps b and c above are invoked again to obtain a new complete private key sk′ and a new public key certificate cert′, and the new certificate cert′ is uploaded to server 5.
If the private key sk corresponding to the public key certificate of user subject 1 has been disclosed, then to protect user subject 1 the public key certificate cert must be removed from server 5 immediately; at the same time user subject 1 invokes steps b and c above again to obtain a new complete private key sk′ and a new public key certificate cert′. The new certificate cert′ is uploaded to server 5.
For the ElGamal encryption system above, the corresponding ElGamal encryption algorithm is as follows. Suppose a user subject 1 (the sender) uses the ElGamal encryption system to send a message m to another user subject 1 (the recipient). The sender downloads the recipient's public key certificate from the public key database 51 of server 5 and, provided that certificate is verified as valid, calls the ElGamal encryption algorithm to encrypt:
Choose an element v of $Z_p^*$ at random, compute $c_1 = g^v \bmod q$ and $c_2 = (pk^{(2)})^v \cdot m \bmod q$, and set the ciphertext $C = (c_1, c_2)$;
The ElGamal decryption algorithm corresponding to the ElGamal encryption algorithm is as follows:
User subject 1 uses its own private key sk to decrypt the ciphertext $C = (c_1, c_2)$: $m \equiv c_2 \cdot c_1^{-sk} \bmod q$.
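Steps a to d and the ElGamal instantiation above, carried through end to end as an added Python example (not code from the patent). The function names, SHA-256 reduced mod p as H, the length-prefixed encoding of the concatenated fields, `validity` as a duration in seconds, the 64-bit demonstration modulus, and the form of the step b5 check ($g^s = w \cdot y^{H(ID \| uw)}$, which the text does not spell out) are all assumptions.

```python
import hashlib
import secrets

def is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rand_zp(p):
    """Uniform element of Z_p^* = {1, ..., p-1}."""
    return 1 + secrets.randbelow(p - 1)

def setup(bits=64):
    """Steps (a1)-(a7) of the ElGamal instantiation; returns (param, master key x)."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(p) and is_prime(2 * p + 1):
            break
    q = 2 * p + 1
    g = pow(2 + secrets.randbelow(q - 3), 2, q)  # h in [2, q-2], so g = h^2 has order p
    x = rand_zp(p)
    return {"p": p, "q": q, "g": g, "y": pow(g, x, q)}, x

def H(param, *fields):
    """H: {0,1}* -> Z_p. Each field is length-prefixed so the concatenation is unambiguous."""
    h = hashlib.sha256()
    for f in fields:
        b = str(f).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % param["p"]

def ttp_issue(param, x, ident, u):
    """Steps b41-b43, run by the trusted third party after authenticating ident."""
    t = rand_zp(param["p"])
    w = pow(param["g"], t, param["q"])
    s = (t + x * H(param, ident, u * w % param["q"])) % param["p"]
    return s, w

def make_cert(param, ident, issue, time, validity):
    """Steps b1-b6 and c1-c9, run by the user; issue(ident, u) reaches the TTP."""
    p, q, g, y = (param[n] for n in "pqgy")
    z = rand_zp(p)
    u = pow(g, z, q)
    s, w = issue(ident, u)
    pk1 = u * w % q
    bind = pow(y, H(param, ident, pk1), q)
    if pow(g, s, q) != w * bind % q:             # assumed form of the b5 check
        raise ValueError("partial private key rejected")
    k, r = rand_zp(p), rand_zp(p)
    sk = (z + s + k) % p
    pk2, pk3, R = pk1 * bind * pow(g, k, q) % q, pow(g, k, q), pow(g, r, q)
    delta = (r + sk * H(param, ident, pk1, pk2, pk3, time, validity, R)) % p
    return sk, {"ID": ident, "pk1": pk1, "pk2": pk2, "pk3": pk3, "R": R,
                "delta": delta, "time": time, "validity": validity}

def verify_cert(param, c, now):
    """Steps d1-d4: True only if the certificate is in date and both equations hold."""
    q, g, y = param["q"], param["g"], param["y"]
    if not c["time"] <= now <= c["time"] + c["validity"]:              # d1
        return False
    if c["pk2"] != c["pk1"] * pow(y, H(param, c["ID"], c["pk1"]), q) * c["pk3"] % q:
        return False                                                   # d2
    e = H(param, c["ID"], c["pk1"], c["pk2"], c["pk3"], c["time"], c["validity"], c["R"])
    return pow(g, c["delta"], q) == c["R"] * pow(c["pk2"], e, q) % q   # d3

def encrypt(param, c, m):
    """ElGamal encryption to the certified key pk^(2); m is an integer in [1, q-1]."""
    v = rand_zp(param["p"])
    return pow(param["g"], v, param["q"]), pow(c["pk2"], v, param["q"]) * m % param["q"]

def decrypt(param, sk, ct):
    """m = c2 * c1^(-sk) mod q; c1 has order p, so -sk is taken mod p."""
    return ct[1] * pow(ct[0], param["p"] - sk, param["q"]) % param["q"]
```

Step d2 ties `ID` to the trusted third party's master key through $y^{H(ID \| pk^{(1)})}$, and step d3 is a Schnorr-style check under $pk^{(2)} = g^{sk}$ that covers `time` and `validity`, so changing any certificate field makes verification fail.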
The invention provides a novel method of implementing a Public Key Infrastructure (PKI). On the new PKI provided by the present invention, any public key cryptosystem based on the discrete logarithm can be built. Only a trusted third party 4 is needed to assist user subject 1 in generating a partial key; user subject 1 can then assemble the private key itself and generate its own certificate. Subsequent updates of the private key of user subject 1, and updates and maintenance of the corresponding public key certificate, need only be carried out by the user subject itself.
The above is only a preferred embodiment of the present invention and is illustrative rather than restrictive. Those skilled in the art will understand that many changes, modifications and even equivalents may be made within the spirit and scope defined by the claims of the present invention, all of which fall within the scope of protection of the present invention.

Claims (8)

1. A system in which a user subject self-generates and manages its public key certificate, characterized in that it comprises:
A user subject;
A trusted third party, which exchanges data with the user subject and generates a partial private key for the user subject;
A server, which stores the public key certificate that the user subject itself generates or updates.
2. The system according to claim 1 in which a user subject self-generates and manages its public key certificate, characterized in that any user subject is allowed to access the server and query public key certificates, but is only allowed to modify and update its own public key certificate.
3. A method by which a user subject self-generates and manages its public key certificate, implemented by the above system in which a user subject self-generates and manages its public key certificate, characterized in that it comprises the steps of:
Step a: generate the system parameters needed to set up the system;
Step b: the user subject and the trusted third party carry out a confidential data exchange, in which the trusted third party participates in generating the partial private key of the user subject;
Step c: the user subject uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate;
Step d: the server uses the public key certificate of the user subject and the system parameters to verify the correctness of the user subject's public key certificate.
4. The method according to claim 3 by which a user subject self-generates and manages its public key certificate, characterized in that step a, generating the system parameters needed to set up the system, comprises:
Step a1: select a large prime p according to the security parameter λ;
Step a2: select a group G of order p;
Step a3: choose an element x of $Z_p^*$ at random;
Step a4: choose at random from the group G an element g that is not the identity element;
Step a5: compute $y = g^x$ in the group G;
Step a6: select a hash function, denoted $H: \{0,1\}^* \to Z_p$;
Step a7: output the public parameters param = (p, G, g, y) and the master key x.
5. The method according to claim 3 by which a user subject self-generates and manages its public key certificate, characterized in that step b, in which the user subject and the trusted third party carry out a confidential data exchange and the trusted third party participates in generating the partial private key of the user subject, comprises:
Step b1: the user subject chooses an element z of $Z_p^*$ at random;
Step b2: the user subject computes $u = g^z$ in the group G, where g is one of the public parameters of the system;
Step b3: the user subject sends u to the trusted third party;
Step b4: after receiving u, the trusted third party outputs the private key s and the auxiliary verification information w;
Step b5: the user subject verifies the validity of the partial private key s generated by the trusted third party; if it is valid, step b6 follows, otherwise step b1 is executed again;
Step b6: the private key of the user subject has two parts: the partial private key generated by the user subject is $sk_1 = z$, and the partial private key generated for the user subject by the trusted third party is $sk_2 = s$.
6. The method according to claim 5 by which a user subject self-generates and manages its public key certificate, characterized in that step b4, in which the trusted third party outputs the private key s and the auxiliary verification information w after receiving u, comprises:
Step b41: choose an element t of $Z_p^*$ at random;
Step b42: compute the auxiliary verification information $w = g^t$;
Step b43: compute the partial private key $s = t + x \cdot H(ID \| uw)$, where the hash function H is a public parameter and ID is the identity information of the user subject.
7. The method according to claim 3 by which a user subject self-generates and manages its public key certificate, characterized in that step c, in which the user subject uses the partial private key to generate or update its complete public key and private key and the corresponding public key certificate, comprises:
Step c1: the user subject obtains the system parameters param and the partial private keys $sk_1$ and $sk_2$;
Step c2: the user subject chooses an element k of $Z_p^*$ at random;
Step c3: compute the complete private key $sk = sk_1 + sk_2 + k = z + s + k$;
Step c4: compute the intermediate quantity $pk^{(1)} = uw = g^{z+t}$;
Step c5: compute the intermediate quantity $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot g^k = g^{z+s+k}$;
Step c6: compute the intermediate quantity $pk^{(3)} = g^k$;
Step c7: choose an element r of $Z_p^*$ at random and compute the intermediate quantity $pk^{(4)} = (R, \delta)$;
Step c8: the public key of the user subject is $pk = (pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)})$;
Step c9: the public key certificate of the user subject is $cert = (ID \| pk \| time \| validity) = (ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| pk^{(4)} \| time \| validity)$, where time is the certificate generation time, validity is the validity period of the certificate, and $\|$ denotes concatenation.
8. The method according to claim 7 by which a user subject self-generates and manages its public key certificate, characterized in that step c7, choosing an element r of $Z_p^*$ at random and computing the intermediate quantity $pk^{(4)} = (R, \delta)$, comprises:
Step c71: compute $R = g^r$;
Step c72: compute $\delta = r + sk \cdot H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)$.
9. The method according to claim 3 for a user entity to self-generate a public key certificate and manage the public key certificate, characterized in that step d, in which the public key certificate of the user entity and the system parameters are used to verify the correctness of the public key certificate of the user entity, comprises the steps of:
Step d1: if the current time is within the validity period of the certificate, carry out step d2 below; otherwise carry out step d4 below;
Step d2: verify whether $pk^{(2)} = pk^{(1)} \cdot y^{H(ID \| pk^{(1)})} \cdot pk^{(3)}$ holds; if it holds, carry out step d3 below; otherwise carry out step d4 below;
Step d3: compute and check $g^{\delta} = R \cdot (pk^{(2)})^{H(ID \| pk^{(1)} \| pk^{(2)} \| pk^{(3)} \| time \| validity \| R)}$; if it holds, the certificate is regarded as valid; otherwise carry out step d4 below;
Step d4: the verification finds the public key certificate of the user entity invalid.
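Steps c1 to c9 and d1 to d4 can be traced in a short Python sketch, added here as an illustration and not taken from the patent. Assumptions not stated in these claims: the toy group (P = 2039, q = 1019, g = 4), the helper `ttp_issue` with u = g^z, w = g^t, y = g^x and s = t + x·H(ID ‖ pk⁽¹⁾) (inferred from the equality in step c5), the "|"-separated hash input, and `validity` counted in seconds from `time`.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use:
# P = 2q + 1 with P and Q prime, G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash concatenated fields to an exponent mod Q (the encoding is an assumption)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def ttp_issue(x, ident, u):
    """Hypothetical trusted-third-party step: returns (w, s) with g^s = w * y^H(ID||pk1)."""
    t = 1 + secrets.randbelow(Q - 1)
    w = pow(G, t, P)
    s = (t + x * H(ident, u * w % P)) % Q
    return w, s

def generate_cert(ident, y, z, w, s, time, validity):
    k = 1 + secrets.randbelow(Q - 1)                          # c2
    sk = (z + s + k) % Q                                      # c3: sk = sk1 + sk2 + k
    pk1 = pow(G, z, P) * w % P                                # c4: pk1 = u*w
    pk3 = pow(G, k, P)                                        # c6: pk3 = g^k
    pk2 = pk1 * pow(y, H(ident, pk1), P) * pk3 % P            # c5: equals g^sk
    r = 1 + secrets.randbelow(Q - 1)                          # c7
    R = pow(G, r, P)                                          # c71
    delta = (r + sk * H(ident, pk1, pk2, pk3, time, validity, R)) % Q  # c72
    return sk, (ident, pk1, pk2, pk3, (R, delta), time, validity)     # c8, c9

def verify_cert(cert, y, current_time):
    ident, pk1, pk2, pk3, (R, delta), time, validity = cert
    if not time <= current_time <= time + validity:           # d1: validity period
        return False                                          # d4
    if pk2 != pk1 * pow(y, H(ident, pk1), P) * pk3 % P:       # d2: key binding
        return False                                          # d4
    h = H(ident, pk1, pk2, pk3, time, validity, R)
    return pow(G, delta, P) == R * pow(pk2, h, P) % P         # d3, else d4

if __name__ == "__main__":
    x = 1 + secrets.randbelow(Q - 1)       # TTP secret (assumed), y = g^x is in param
    y = pow(G, x, P)
    z = 1 + secrets.randbelow(Q - 1)       # user's own share sk1 = z
    w, s = ttp_issue(x, "alice", pow(G, z, P))
    sk, cert = generate_cert("alice", y, z, w, s, time=1000, validity=3600)
    print(verify_cert(cert, y, current_time=1500))
```

Step d2 ties pk⁽²⁾ to the identity through the third party's key y, while step d3 is a Schnorr-style check that the holder of sk signed every certificate field, so a change to ID, time or validity invalidates δ.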
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100041985A CN101257380A (en) 2007-12-05 2008-01-29 User entity for self-generating public key certificate and system and method for managing public key certificate

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200710178786.6 2007-12-05
CN200710178786 2007-12-05
CNA2008100041985A CN101257380A (en) 2007-12-05 2008-01-29 User entity for self-generating public key certificate and system and method for managing public key certificate

Publications (1)

Publication Number Publication Date
CN101257380A true CN101257380A (en) 2008-09-03

Family

ID=39891875

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008100041985A Pending CN101257380A (en) 2007-12-05 2008-01-29 User entity for self-generating public key certificate and system and method for managing public key certificate

Country Status (1)

Country Link
CN (1) CN101257380A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080903