CN109104396B - Block chain agent authorization method and medium based on agent signature - Google Patents
Block chain agent authorization method and medium based on agent signature Download PDFInfo
- Publication number
- CN109104396B CN109104396B CN201710475320.6A CN201710475320A CN109104396B CN 109104396 B CN109104396 B CN 109104396B CN 201710475320 A CN201710475320 A CN 201710475320A CN 109104396 B CN109104396 B CN 109104396B
- Authority
- CN
- China
- Prior art keywords
- user
- core node
- signature
- proxy
- delegation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain agent authorization method and medium based on an agent signature, wherein a user can delegate part of rights to a delegated party and can specify the scope, timeliness and the like of the delegation rights. The technical scheme is as follows: two types of participants in the blockchain system: a normal node and a core node. And the ordinary node delegates the authority to the core node as required in a proxy signature mode. The mechanism is divided into two phases: a delegation phase and an application execution phase. In the delegation phase, a user takes a core node as a delegating party, generates a corresponding proxy signature key and specifies a proxy authority range. In the application execution phase, a user (which may be a related party) applies for the core node to execute a corresponding operation. After confirming the identity of the application user, the core node signs the content of the agent by using the agent signing key and finally executes the operation through the intelligent contract.
Description
Technical Field
The present invention relates to technologies related to a blockchain, and in particular, to a method and medium for authorization of a blockchain agent.
Background
The block chain (Blockchain) is a bottom layer technology of the bitcoin, is a chain data structure formed by combining data blocks in a sequential connection mode according to a time sequence, and is guaranteed to be non-falsifiable and non-fakeable in a cryptographic mode, so that a decentralized distributed account book is realized.
A node is a basic unit constituting a blockchain network, and generally, a node corresponds to a computer, stores copies of an account book, and can perform different roles, such as issuing transactions, verifying transactions, accounting, and the like. The nodes are used as participants of the blockchain system and respectively maintain a copy of data. And the nodes keep the consistency of the backup database data through a consensus algorithm. Since the blockchain system is a decentralized, distributed ledger system and does not rely on any trusted third party, there is a need for a mechanism that does not rely on third party institutions to authenticate and validate a value or transaction, i.e., a consensus mechanism. The consensus mechanism is the basis for all blockchains and distributed ledger applications. Each account in the blockchain system consists of an address (public key) and a private key. The user controls the asset in the account by using the private key, i.e. the user signs the operation of the asset with the private key. In a blockchain system, a user's ownership of an account asset is determined entirely by possession of the account's private key. I.e. the user operates on the assets of the account by means of a private key signature.
There is a scenario where a user delegates partial rights to other users in an actual business model. Such as a federation chain (a blockchain network that is open only to a particular individual or organization, with access to network nodes being strictly regulated), a core node needs to be committed to transfer assets when a user key is lost or dies. The current solutions to meet this need are to deliver the user's private key completely to the trusted party or to backup the private key in advance at the core node. This type of approach effectively fully hands ownership of the account to the trusted party without specific authority control over the trusted party. In a federation chain, a user needs to provide a key recovery service; or after the password is lost, the asset transfer service is provided. In the existing blockchain technology, only the private key of the user can be backed up at the core node. However, the method gives the core node excessive rights and cannot meet the requirements of customers.
Although the method can solve the requirement of the authority agent, the authorized party can actually control the account completely, and even can carry out operation against the intention of the authorized party.
The concept of proxy signatures was proposed by Mambo et al in 1996. Proxy signing allows user a to delegate the right to sign to user B on demand. Within the scope of the delegation, user B can sign the message on behalf of A. The verifier can discriminate that the signature is made by a delegated to B and verify the correctness of the signature.
An intelligent contract is a piece of code running on a blockchain that can maintain its state, control its assets and respond to received external information or assets, which controls and manages the database. The assets of each account are stored in a database of the intelligent contract and can operate on the data in the database through the intelligent contract under certain conditions (as shown in fig. 1). Generally, the intelligent contract first checks whether the signature of a transaction is correct, and only after the signature passes the verification, the assets in the database are operated. In this way, the account can be guaranteed control over its assets. In a federation chain, a common way of proxy authorization is to give a core node the right to control all nodes. The smart contract first checks the signature of the transaction and executes the code to update the database if the signature is a valid signature provided by the initiator or core node. However, this approach has the disadvantage that the common account delegates too many rights to the core node.
Disclosure of Invention
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
The invention provides a block chain Proxy authorization method and medium based on Proxy Signature (Proxy Signature), wherein a user can delegate part of rights to a delegated party and can specify the scope, timeliness and the like of the delegation rights. In a federation chain, asset transfers may be made in the event that a user loses a key. Meanwhile, the proxy authorization method can minimize the authority of the core node and only allows the core node to carry out certain specific operation of user authorization.
The technical scheme of the invention is as follows: the invention discloses a block chain agent authorization method based on an agent signature, which comprises a delegation stage and an application execution stage, wherein,
in the delegation phase, the first user delegates a part of authority of the first user to the core node according to the requirement, and the delegation phase further comprises the following steps:
the first user is used as a principal and takes a public key pk1, a signature private key sk1 and a self-defined principal range w as input, and the core node is used as a principal and takes a public key pk2 and a signature private key sk2 of the core node as input;
according to the proxy process of proxy signature, a first user proxies the authority in the proxy range w to a core node;
the core node outputs (w, psk), wherein the psk is a entrusted signature private key corresponding to the entrusted range w, and the core node uses the psk to sign the message in the entrusted range;
in the application execution phase, the second user applies for the core node agent to execute corresponding operation, and the application execution phase further comprises:
the second user submits an application m to the core node and provides proving materials at the same time;
the core node authenticates the certification material of the second user, if the certification is not passed, the application is failed, and if the certification is passed, the core node checks whether the operation range applied by the second user is within the entrusting range w specified in the entrusting stage;
after the core node determines to have the corresponding authority, signing the application content m of the second user by using a delegation signature private key psk in a delegation stage, generating a proxy signature psig and then sending the psig to an intelligent contract;
and verifying whether the operation is in an authorized range by the intelligent contract, verifying whether the agency signature psig is correct by using the public key pk1 of the first user and the public key pk2 of the core node, and if the verification is passed, executing the operation of applying for m by the user by the intelligent contract.
According to an embodiment of the block chain proxy authorization method based on proxy signature of the present invention, the customized delegation scope w includes but is not limited to: range, age, and number of messages that can be signed.
According to an embodiment of the block chain agent authorization method based on the agent signature, a user associates an agent signature with an agent process of authorizing the authority in the agent scope w to the core node, and the agent signature can be interactive or non-interactive.
According to an embodiment of the block chain proxy authorization method based on the proxy signature, the first user and the second user may be the same user; or may be a different user where the second user is a related user to the first user of the commitment.
According to an embodiment of the block chain proxy authorization method based on the proxy signature, the processing of verifying whether the operation is in the authorization scope refers to verifying whether R (m, w) ═ 1 is correct, wherein the binary relation R represents the relation between the application m and the authority scope w, R (m, w) ═ 1 represents that m is within the right scope specified by w, and R (m, w) ═ 0 represents that m is not within the right scope specified by w.
The invention also discloses a computer readable medium, comprising a computer program stored on the medium, the computer program is used for executing the following block chain agent authorization method based on the agent signature:
in the delegation phase, the first user delegates a part of authority of the first user to the core node according to the requirement, and the delegation phase further comprises the following steps:
the first user is used as a principal and takes a public key pk1, a signature private key sk1 and a self-defined principal range w as input, and the core node is used as a principal and takes a public key pk2 and a signature private key sk2 of the core node as input;
according to the proxy process of proxy signature, a first user proxies the authority in the proxy range w to a core node;
the core node outputs (w, psk), wherein the psk is a entrusted signature private key corresponding to the entrusted range w, and the core node uses the psk to sign the message in the entrusted range;
in the application execution phase, the second user applies for the core node agent to execute corresponding operation, and the application execution phase further comprises:
the second user submits an application m to the core node and provides proving materials at the same time;
the core node authenticates the certification material of the second user, if the certification is not passed, the application is failed, and if the certification is passed, the core node checks whether the operation range applied by the second user is within the entrusting range w specified in the entrusting stage;
after the core node determines to have the corresponding authority, signing the application content m of the second user by using a delegation signature private key psk in a delegation stage, generating a proxy signature psig and then sending the psig to an intelligent contract;
and verifying whether the operation is in an authorized range by the intelligent contract, verifying whether the agency signature psig is correct by using the public key pk1 of the first user and the public key pk2 of the core node, and if the verification is passed, executing the operation of applying for m by the user by the intelligent contract.
According to one embodiment of the computer-readable medium of the present invention, custom delegation ranges w include, but are not limited to: range, age, and number of messages that can be signed.
According to an embodiment of the computer-readable medium of the present invention, the delegation process of a user delegating rights within the delegation scope w to a core node is related to a proxy signature, either interactive or non-interactive.
According to an embodiment of the computer readable medium of the present invention, the first user and the second user may be the same user; or may be a different user where the second user is a related user to the first user of the commitment.
According to an embodiment of the computer-readable medium of the present invention, the process of verifying whether the smart contract verification operation is within the scope of authority refers to verifying whether R (m, w) ═ 1 is correct, where the binary relationship R represents a relationship between the application m and the scope of authority w, R (m, w) ═ 1 represents that m is within the scope of authority defined by w, and R (m, w) ═ 0 represents that m is not within the scope of authority defined by w.
Compared with the prior art, the invention has the following beneficial effects: the invention combines the agent signature and the intelligent contract technology to realize the agent authorization mechanism in the block chain system. The user (principal) can specify the authorization scope and the authorization time limit, and the principal can only perform specified operation within the specified authority and time limit.
The mechanism of blockchain agent authorization in the industry currently proceeds through a super account or by delegating a private key. Compared with the prior art, the invention has the following advantages:
1) the user does not need to completely proxy the private key to the authorized party, and the authorized party can be prevented from having overlarge authority.
2) The user can delegate different rights to the delegatee as needed, and the delegation of authority of the delegatee is completely determined by the user. The mode of the user agent is more flexible and safer.
3) The intelligent contract support mode is more universal, and a specific intelligent contract does not need to be configured for each authorization.
Drawings
The above features and advantages of the present disclosure will be better understood upon reading the detailed description of embodiments of the disclosure in conjunction with the following drawings. In the drawings, components are not necessarily drawn to scale, and components having similar relative characteristics or features may have the same or similar reference numerals.
FIG. 1 shows a schematic diagram of an intelligent contract deployment.
Fig. 2 shows a flow chart of the proxy signature-based blockchain proxy authorization method in the delegation phase in the embodiment of the invention.
Fig. 3 shows a flow chart of the application execution phase in the embodiment of the block chain agent authorization method based on the agent signature of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. It is noted that the aspects described below in connection with the figures and the specific embodiments are only exemplary and should not be construed as imposing any limitation on the scope of the present invention.
The principles and mechanisms for implementing the present invention are first set forth.
In general, the present invention provides a mechanism for flexible proxy authorization of accounts in a blockchain system using the technique of proxy signatures. Consider two types of participants in a blockchain system: a normal node and a core node.
And the ordinary node delegates the authority to the core node as required in a proxy signature mode. The mechanism is divided into two phases: a delegation phase and an application execution phase. In the delegation phase, a user takes a core node as a delegating party, generates a corresponding proxy signature key and specifies a proxy authority range. In the application execution phase, a user (which may be a related party) applies for the core node to execute a corresponding operation. After confirming the identity of the application user, the core node signs the content of the agent by using the agent signing key and finally executes the operation through the intelligent contract.
In detail, the proxy signature allows the delegator to delegate the partial signature authority to the delegator. Proxy signing is divided into a delegation process, a proxy signing process and a verification process. The principal and the principal in the initial stage possess the authentication public key and the signature private key (pk1, sk1) and (pk2, sk2), respectively. The scope of authority w is defined and the relationship between the message m and the scope of authority is represented by a binary relationship R. If R (w, m) ═ 1, then m is within the rights specified for w; if R (w, m) ═ 0, then m is not within the scope of the rights specified for w.
In the process of delegation, a delegating party selects a proxy authority range w. The client takes (pk1, sk1, w) as input, and the client takes (pk2, sk2) as input, and the two parties negotiate in an interactive or non-interactive mode. Finally the trusted party gets (w, psk), where psk is the private proxy signature key within the scope of rights w specified by the trusted party. The trusted party can perform a signature on behalf of the requesting party within a range defined by w using the psk.
In the proxy signature process, the principal performs proxy signature on the message m after acquiring (w, psk) and the principal public key pk 1. Generating a proxy signature psig.
During the verification process, w, pk1, pk2, m, psig are used as input by the verifier. If R (w, m) is 1 and the signature verification is passed, the signature is the signature of the proxy party of the authorized party in the range of w; otherwise, it is not a legitimate signature or is not within the delegation scope.
Fig. 2 and fig. 3 show two phases of an embodiment of the inventive blockchain proxy authorization method based on proxy signatures of the present invention, respectively: a delegation phase and an application execution phase. Referring to fig. 2 and 3, the implementation steps of the present embodiment are described in detail as follows.
In the delegation phase, the user delegates a part of the authority of the user to the core node according to the requirement. The specific flow is shown in fig. 2.
1. The user as a client takes the public key pk1, the signature private key sk1 and the customized client scope w as input. The core node is used as the principal and takes the public key pk2 and the signature private key sk2 as input. The delegation range w can be the range, the time limit, the number of times and the like of the signed messages, and the specific setting is determined according to the actual scene.
2. According to the proxy process of proxy signature, the user proxies the authority in the proxy range w to the core node. The specific delegation process is associated with the proxy signature, and may be interactive or non-interactive.
3. The core node outputs (w, psk), where psk is the delegation signature private key for the corresponding delegation scope w. The core node uses the psk to sign messages within the delegation scope.
And in the application execution stage, the user applies for the core node agent to execute corresponding operation. The specific flow is shown in fig. 3.
1. And the user applies for the core node, and the core node is marked as m. The user may be different from the user in the delegation phase and may be the relevant user for the delegation item. While the user applies for the application, the user needs to provide proof material proof. The authentication material may be a paper material or an electronic material.
2. The core node authenticates the user's proof material proof. If not, returning application failure. If the request is passed, the core node checks whether the related party delegates the corresponding authority for the related party, namely, checks whether the operation range applied by the user is within the range represented by w specified in the delegation phase.
3. And after the core node determines to have the corresponding authority, signing the application content m of the user by using the entrusted signature private key psk in the entrusting stage to generate the psig. The proxy signature psig is sent to the smart contract.
4. The smart contract first verifies whether the operation is within the authorized range, i.e., whether R (m, w) ═ 1 is correct. Second, the public key pk1 of the user and the public key pk2 of the core node are used to verify that the proxy signature psig is correct. And if the verification is passed, the intelligent contract executes the operation applied by the user.
In addition, the invention also discloses a computer readable medium, on which a computer program is stored, the computer program is used for executing the block chain agent authorization method based on the agent signature in the foregoing embodiment.
While, for purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated that the methodologies are not limited by the order of acts, as some acts may, in accordance with one or more embodiments, occur in different orders and/or concurrently with other acts from that shown and described herein or not shown and described herein, as would be understood by one skilled in the art.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a web site, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk (disk) and disc (disc), as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks (disks) usually reproduce data magnetically, while discs (discs) reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A block chain agent authorization method based on agent signature is characterized in that the method comprises a delegation phase and an application execution phase, wherein,
in the delegation phase, the first user delegates a part of authority of the first user to the core node according to the requirement, and the delegation phase further comprises the following steps:
the first user is used as a principal and takes a public key pk1, a signature private key sk1 and a self-defined principal range w as input, and the core node is used as a principal and takes a public key pk2 and a signature private key sk2 of the core node as input;
according to the proxy process of proxy signature, a first user proxies the authority in the proxy range w to a core node;
the core node outputs (w, psk), wherein the psk is a entrusted signature private key corresponding to the entrusted range w, and the core node uses the psk to sign the message in the entrusted range;
in the application execution phase, the second user applies for the core node agent to execute corresponding operation, and the application execution phase further comprises:
the second user submits an application m to the core node and provides proving materials at the same time;
the core node authenticates the certification material of the second user, if the certification is not passed, the application is failed, and if the certification is passed, the core node checks whether the operation range applied by the second user is within the entrusting range w specified in the entrusting stage;
after the core node determines to have the corresponding authority, signing the application content m of the second user by using a delegation signature private key psk in a delegation stage, generating a proxy signature psig and then sending the psig to an intelligent contract;
and verifying whether the operation is in an authorized range by the intelligent contract, verifying whether the agency signature psig is correct by using the public key pk1 of the first user and the public key pk2 of the core node, and if the verification is passed, executing the operation of applying for m by the user by the intelligent contract.
2. The method of claim 1, wherein the customized delegation scope w includes but is not limited to: range, age, and number of messages that can be signed.
3. The method as claimed in claim 1, wherein the delegation process of the authority in the delegation scope w to the core node by the user is related to the proxy signature, and may be interactive or non-interactive.
4. A block chain proxy authorization method based on proxy signatures as claimed in claim 1, characterized in that the first user and the second user can be the same user; or may be a different user where the second user is a related user to the first user of the commitment.
5. The method for block chain proxy authorization based on proxy signature as claimed in claim 1, wherein the process of verifying whether the operation is in the authorization scope refers to verifying whether R (m, w) ═ 1 is correct, wherein the binary relation R represents the relation between application m and the authority scope w, R (m, w) ═ 1 represents that m is in the authority scope specified by w, and R (m, w) ═ 0 represents that m is not in the authority scope specified by w.
6. A computer readable medium comprising a computer program stored on the medium for performing the following proxy signature-based blockchain proxy authorization method:
in the delegation phase, the first user delegates a part of authority of the first user to the core node according to the requirement, and the delegation phase further comprises the following steps:
the first user is used as a principal and takes a public key pk1, a signature private key sk1 and a self-defined principal range w as input, and the core node is used as a principal and takes a public key pk2 and a signature private key sk2 of the core node as input;
according to the proxy process of proxy signature, a first user proxies the authority in the proxy range w to a core node;
the core node outputs (w, psk), wherein the psk is a entrusted signature private key corresponding to the entrusted range w, and the core node uses the psk to sign the message in the entrusted range;
in the application execution phase, the second user applies for the core node agent to execute corresponding operation, and the application execution phase further comprises:
the second user submits an application m to the core node and provides proving materials at the same time;
the core node authenticates the certification material of the second user, if the certification is not passed, the application is failed, and if the certification is passed, the core node checks whether the operation range applied by the second user is within the entrusting range w specified in the entrusting stage;
after the core node determines to have the corresponding authority, signing the application content m of the second user by using a delegation signature private key psk in a delegation stage, generating a proxy signature psig and then sending the psig to an intelligent contract;
and verifying whether the operation is in an authorized range by the intelligent contract, verifying whether the agency signature psig is correct by using the public key pk1 of the first user and the public key pk2 of the core node, and if the verification is passed, executing the operation of applying for m by the user by the intelligent contract.
7. The computer-readable medium of claim 6, wherein the custom delegation scope w includes, but is not limited to: range, age, and number of messages that can be signed.
8. The computer-readable medium of claim 6, wherein the delegation process for a user to delegate authority within the delegation scope w to the core node is associated with a proxy signature, and is interactive or non-interactive.
9. The computer-readable medium of claim 6, wherein the first user and the second user may be the same user; or may be a different user where the second user is a related user to the first user of the commitment.
10. The computer-readable medium of claim 6, wherein the process of verifying whether the smart contract operation is within the scope of authority refers to verifying whether R (m, w) ═ 1 is correct, wherein the binary relationship R represents a relationship between the application m and the scope of authority w, R (m, w) ═ 1 represents that m is within the scope of authority defined by w, and R (m, w) ═ 0 represents that m is not within the scope of authority defined by w.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710475320.6A CN109104396B (en) | 2017-06-21 | 2017-06-21 | Block chain agent authorization method and medium based on agent signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710475320.6A CN109104396B (en) | 2017-06-21 | 2017-06-21 | Block chain agent authorization method and medium based on agent signature |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109104396A CN109104396A (en) | 2018-12-28 |
| CN109104396B true CN109104396B (en) | 2021-03-16 |
Family
ID=64796220
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710475320.6A Active CN109104396B (en) | 2017-06-21 | 2017-06-21 | Block chain agent authorization method and medium based on agent signature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109104396B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI812574B (en) * | 2023-02-01 | 2023-08-11 | 中華電信股份有限公司 | Agent authorization system and agent authorization method using nft technology |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109922155B (en) * | 2019-03-18 | 2022-03-04 | 众安信息技术服务有限公司 | Method and device for realizing intelligent agent in block chain network |
| CN110009348B (en) * | 2019-03-25 | 2022-03-11 | 杭州秘猿科技有限公司 | Block chain proxy signature method and system and electronic equipment |
| CN110223085A (en) * | 2019-05-25 | 2019-09-10 | 深圳市元征科技股份有限公司 | A kind of data processing method, server and computer-readable medium |
| CN110177109B (en) * | 2019-06-04 | 2020-05-12 | 北京理工大学 | Double-proxy cross-domain authentication system based on identification password and alliance chain |
| CN110545177A (en) * | 2019-08-29 | 2019-12-06 | 北京艾摩瑞策科技有限公司 | Block chain private key signing method and device for life service platform user |
| CN110958223B (en) * | 2019-10-31 | 2023-03-24 | 百度在线网络技术(北京)有限公司 | Delegation authorization method, device, equipment and medium based on block chain |
| CN111104688B (en) * | 2019-11-13 | 2021-11-16 | 上海链颉科技有限公司 | Public and private key authority proxy method, system and storage medium based on block chain |
| CN111444273B (en) * | 2020-03-24 | 2021-09-10 | 腾讯科技(深圳)有限公司 | Data authorization method and device based on block chain |
| CN111563273A (en) * | 2020-04-30 | 2020-08-21 | 中国银行股份有限公司 | Information verification method and related equipment |
| CN112100178B (en) * | 2020-09-08 | 2023-05-12 | 中国联合网络通信集团有限公司 | Delegation authorization verification method and system |
| CN114710507B (en) * | 2022-03-30 | 2023-10-27 | 蚂蚁区块链科技(上海)有限公司 | Consensus method, blockchain node, medium and consensus node |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1719765A (en) * | 2005-08-03 | 2006-01-11 | 武汉理工大学 | Safety reliable controllable authorization electronic autographing method |
| CN1737721A (en) * | 2005-08-03 | 2006-02-22 | 武汉理工大学 | Authorization controlled electronic signature method based on elliptical curve |
| CN101262344A (en) * | 2008-04-25 | 2008-09-10 | 武汉理工大学 | An efficient quick authorization electronic signature method |
| CN101267296A (en) * | 2008-04-25 | 2008-09-17 | 武汉理工大学 | An efficient authorization electronic signature method without authentication center |
| CN102404726A (en) * | 2011-11-18 | 2012-04-04 | 重庆邮电大学 | Distributed control method for information of accessing internet of things by user |
| CN103596167A (en) * | 2013-10-25 | 2014-02-19 | 西安电子科技大学 | Machine-type communication authentication and key agreement method based on proxy |
| CN103870724A (en) * | 2012-12-12 | 2014-06-18 | 财团法人资讯工业策进会 | Main management device, agent management device, electronic device and authorization management method |
| CN106097006A (en) * | 2016-06-09 | 2016-11-09 | 杭州复杂美科技有限公司 | Block chain charge mode |
| CN106570681A (en) * | 2016-10-28 | 2017-04-19 | 山东明和软件有限公司 | Anti-tampering private fund electronic contract signing system and method based on block chain |
| CN106845960A (en) * | 2017-01-24 | 2017-06-13 | 上海亿账通区块链科技有限公司 | Method for secure transactions and system based on block chain |
-
2017
- 2017-06-21 CN CN201710475320.6A patent/CN109104396B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1719765A (en) * | 2005-08-03 | 2006-01-11 | 武汉理工大学 | Safety reliable controllable authorization electronic autographing method |
| CN1737721A (en) * | 2005-08-03 | 2006-02-22 | 武汉理工大学 | Authorization controlled electronic signature method based on elliptical curve |
| CN101262344A (en) * | 2008-04-25 | 2008-09-10 | 武汉理工大学 | An efficient quick authorization electronic signature method |
| CN101267296A (en) * | 2008-04-25 | 2008-09-17 | 武汉理工大学 | An efficient authorization electronic signature method without authentication center |
| CN102404726A (en) * | 2011-11-18 | 2012-04-04 | 重庆邮电大学 | Distributed control method for information of accessing internet of things by user |
| CN103870724A (en) * | 2012-12-12 | 2014-06-18 | 财团法人资讯工业策进会 | Main management device, agent management device, electronic device and authorization management method |
| CN103596167A (en) * | 2013-10-25 | 2014-02-19 | 西安电子科技大学 | Machine-type communication authentication and key agreement method based on proxy |
| CN106097006A (en) * | 2016-06-09 | 2016-11-09 | 杭州复杂美科技有限公司 | Block chain charge mode |
| CN106570681A (en) * | 2016-10-28 | 2017-04-19 | 山东明和软件有限公司 | Anti-tampering private fund electronic contract signing system and method based on block chain |
| CN106845960A (en) * | 2017-01-24 | 2017-06-13 | 上海亿账通区块链科技有限公司 | Method for secure transactions and system based on block chain |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI812574B (en) * | 2023-02-01 | 2023-08-11 | 中華電信股份有限公司 | Agent authorization system and agent authorization method using nft technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109104396A (en) | 2018-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109104396B (en) | Block chain agent authorization method and medium based on agent signature | |
| US11743052B2 (en) | Platform for generating authenticated data objects | |
| CN110046996B (en) | Data processing method and device | |
| CN108781161B (en) | Method for controlling and distributing blockchain implementation of digital content | |
| KR102009160B1 (en) | Information trust engine system based on block-chain | |
| US10833873B2 (en) | Credential-based authorization | |
| CN114207643A (en) | System and method for blockchain management | |
| CN109614813B (en) | Privacy transaction method and device based on block chain and application method and device thereof | |
| TW201944757A (en) | Computer-implemented system and method suitable for increasing the security of instant off-line blockchain transactions | |
| WO2020051710A1 (en) | System and process for managing digitized security tokens | |
| US11777728B2 (en) | Systems and methods for blockchain transactions with offer and acceptance | |
| US11909889B2 (en) | Secure digital signing | |
| CN111049806B (en) | Joint authority control method and device, electronic equipment and storage medium | |
| MX2012011105A (en) | Certificate authority. | |
| US20160359633A1 (en) | System and method for publicly certifying data | |
| CN114760071B (en) | Zero-knowledge proof based cross-domain digital certificate management method, system and medium | |
| Boontaetae et al. | RDI: Real digital identity based on decentralized PKI | |
| JP2022552420A (en) | Distributed ledger based method and system for certificate authentication | |
| CN115345729A (en) | Credit card issuing method and device, electronic equipment and storage medium | |
| Geer et al. | Split-and-delegate: Threshold cryptography for the masses | |
| KR102484533B1 (en) | Method for Issuing Verifiable Credential Including Digital Certificate and Authenticating Method Using the Same | |
| US20230318811A1 (en) | Method and apparatus for verifying user credentials | |
| CN110188550B (en) | Block chain data verification method and device | |
| US20230267457A1 (en) | Privacy preserving asset transfer between networks | |
| CN115632794A (en) | Distributed digital identity verification system, method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230412 Address after: 200127 2nd floor, building 10, Lujiazui Software Park, 91 Eshan Road, Pudong New Area, Shanghai Patentee after: SHANGHAI JUZIX FINANCE INFORMATION SERVICES CO.,LTD. Patentee after: WUHAN University Address before: 200127 2nd floor, building 10, Lujiazui Software Park, 91 Eshan Road, Pudong New Area, Shanghai Patentee before: SHANGHAI JUZIX FINANCE INFORMATION SERVICES CO.,LTD. |