CN112787818A - User authentication system and method based on anonymous protocol, and recording medium - Google Patents

Info

Publication number: CN112787818A
Authority: CN (China)
Prior art keywords: private, user, pseudo, public key, key
Legal status: Granted, Active
Application number: CN202011097329.6A
Other languages: Chinese (zh)
Other versions: CN112787818B (en)
Inventor: 李壬永, 罗镜进
Current Assignee: Industry Academy Cooperation Foundation of Soonchunhyang University
Original Assignee: Industry Academy Cooperation Foundation of Soonchunhyang University
Application filed by: Industry Academy Cooperation Foundation of Soonchunhyang University
Events: publication of CN112787818A; application granted; publication of CN112787818B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 (under H04L9/32) involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9014 Indexing; Data structures therefor; Storage structures hash tables
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3236 (under H04L9/32) using cryptographic hash functions
    • H04L9/3247 (under H04L9/32) involving digital signatures
    • H04L9/3257 (under H04L9/32) involving digital signatures using blind signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms

Abstract

The invention discloses an anonymous-protocol-based user authentication system and method, and a recording medium for executing them. An anonymous-protocol-based user authentication system according to an aspect of the present invention includes: a private blockchain server that manages users by issuing and managing their public key certificates, and that issues a pseudo ID through an anonymous credential system (Anonymous Credential System) at the user's request; a user terminal that generates a key pair of a public key and a private key, registers a path public key, the public key, and user information to obtain a public key certificate, performs user authentication using a message containing the public key and the private key and the public key certificate, and participates in the private blockchain by requesting the private blockchain server to issue a pseudo ID; and a consortium blockchain incorporating more than one private blockchain.

Description

User authentication system and method based on anonymous protocol, and recording medium
Technical Field
The present invention relates to an anonymous-protocol-based user authentication system and method in a permissioned blockchain, and a recording medium for executing the same, and more particularly to such a system, method, and recording medium in which privacy during user authentication is enhanced by an anonymous protocol in the permissioned blockchain.
Background
Recently, blockchains have been applied in many applications because of their decentralization, transparency, and scalability. Among them, a permissioned blockchain is implemented through the participation of members whose identities are permitted, i.e., confirmed members. Accordingly, private blockchains, or a consortium blockchain (Consortium Blockchain) composed of such blockchains, are constructed.
A blockchain is a system that uses a public key (Public Key) and the private key (Private Key) corresponding to it, and most permissioned blockchains can perform user authentication through public key certificates of a Public Key Infrastructure (hereinafter, PKI). However, if a centralized form arises again in the process of issuing certificates and verifying their validity, the problem of a single centralized point of attack occurs. To solve this problem, blockchain-based Distributed Public Key Infrastructure (DPKI) and distributed identity (DID) have recently attracted attention for user authentication. Whereas DPKI is a valid document binding the user ID to the user's public key, a DID is generated from the authentication of the user's device and verified through a blockchain, and is therefore called a self-sovereign identity. This is like taking cash out of one's own wallet: the personal identity information stored in the device is provided securely to guarantee authentication. However, privacy problems arise, such as a user who authenticates in one group of the consortium blockchain, i.e., a private blockchain, being inferred through the same identifier in the ledger of a later group. Therefore, the user identities of the private blockchain and the consortium blockchain need to be separated with respect to linkability. This requirement can be satisfied by using a pseudonym such as a pseudo ID. However, there are many problems, such as the management of pseudo IDs and numerous security attacks. Also, depending on the circumstances, complete anonymity (Anonymity) in a permissioned blockchain can prevent accountability verification of malicious members. In addition, in the prior art, repeated user authentication, key distribution, and signing by a single principal result in inefficiency.
Therefore, a user authentication method that improves privacy on a permissioned blockchain is required.
Documents of the prior art
Patent document
Patent document 1: Korean Laid-open Patent No. 2018-0129027 (published December 5, 2018)
Disclosure of Invention
Problems to be solved by the invention
The present invention is made to solve the above-mentioned problems, and an object of the present invention is to provide an anonymous-protocol-based user authentication system in a permissioned blockchain, a method thereof, and a recording medium for executing the same, which improve user privacy in a permissioned blockchain environment through an anonymous protocol that uses the pseudo ID of an anonymous credential system (Anonymous Credential System) and Oblivious Transfer Keyword Search (OTKS).
Other objects and advantages of the present invention will be understood from the following description, and will be apparent from an embodiment of the present invention. In addition, it is to be understood that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
Means for solving the problems
In order to achieve the above object, according to one aspect of the present invention, an anonymous-protocol-based user authentication system in a permissioned blockchain includes: a private blockchain server that manages users by issuing and managing their public key certificates, and that issues a pseudo ID through an anonymous credential system (Anonymous Credential System) at the user's request; a user terminal that generates a key pair of a public key and a private key, registers a path public key, the public key, and user information to obtain a public key certificate, performs user authentication using a message containing the public key and the private key and the public key certificate, and participates in the private blockchain by requesting the private blockchain server to issue a pseudo ID; and a consortium blockchain incorporating more than one private blockchain.
The private blockchain server issues the pseudo ID, and a ciphertext of a keyword containing the pseudo ID, to the consortium blockchain through Oblivious Transfer Keyword Search (OTKS).
In order to achieve the above object, according to another aspect of the present invention, a user authentication method of an anonymous-protocol-based user authentication system in a permissioned blockchain includes: an initial setting and key generation step in which the user terminal and the private blockchain server generate public keys and private keys using public parameters; a step in which the user terminal requests issuance of a pseudo ID (Pseudo ID) together with a public key certificate, and the private blockchain server generates a pseudo ID list (Pseudo ID List) and manages it together with the user information; a step in which the private blockchain server acquires, from the Public Key Infrastructure (PKI) of the user, the managed user information and the pseudo ID corresponding to it, and issues them through Oblivious Transfer Keyword Search (OTKS) and the consortium blockchain; and a step in which the private blockchain server integrates the issued information and publishes it to the transmission part of the consortium blockchain.
The invention is characterized in that the initial setting and key generation step, in which the user terminal and the private blockchain server generate public keys and private keys using public parameters, comprises: a step in which the private blockchain server performs initial setting and generates a public key and a universal key through the process of setting the public key and the private key; a step in which the user terminal generates a public key and a private key based on Elliptic Curve Cryptography (ECC); a step in which the user terminal requests issuance of a public key certificate with its own identifier and public key; and a step in which the private blockchain server retains the user's identity information, signs the corresponding public key and public key certificate with the private blockchain server's private key, and issues them.
The present invention is characterized in that the step in which the user terminal requests issuance of a pseudo ID together with a public key certificate, and the private blockchain server generates a pseudo ID list and manages it together with the user information, comprises: a step in which the user terminal requests a pseudo ID list from the private blockchain server while requesting a public key certificate; a step in which the private blockchain server verifies the certificate using the user's public key and the public key verification value; a step in which the private blockchain server generates the pseudo ID as a transaction of the consortium blockchain through the user's trapdoor (Trapdoor) and Oblivious Transfer Keyword Search (OTKS) over the pseudo ID list; and a step in which the user terminal acquires the pseudo ID through the trapdoor and the commit of the oblivious transfer (OT).
The present invention is characterized in that the step in which the private blockchain server acquires, from the Public Key Infrastructure (PKI) of the user, the managed user information and the corresponding pseudo ID, and issues them through Oblivious Transfer Keyword Search (OTKS) and the consortium blockchain, includes: a step in which the user terminal turns the pseudo ID and private key obtained through OTKS, the hash value of the message, and the message into a transaction and issues it to the private blockchain server; and a step in which the private blockchain server verifies the information and signs the information acquired from a plurality of users with the private blockchain server's private key.
The present invention is characterized in that the step in which the private blockchain server integrates the issued information and publishes it to the transmission part of the consortium blockchain includes: a step of requesting the identity information of a user from the private blockchain server; a step in which the private blockchain server discloses the user information through the Public Key Infrastructure (PKI) and the user information list of pseudo IDs; a step of requesting linkability, i.e., whether the information was obtained from the same user; and a step of calculating and transmitting the hash path (Hash Path) of the private blockchain server.
Effects of the invention
According to an aspect of the present invention, a user performs user authentication with a pseudo ID based on an anonymous protocol, so that privacy can be secured through the unlinkability of the user.
The effects achievable by the present invention are not limited to the above-mentioned effects, and other effects not mentioned can be clearly understood by those skilled in the art from the following description.
Drawings
The drawings attached to the present specification illustrate preferred embodiments of the present invention, and together with the description of the preferred embodiments, serve to better understand the technical ideas of the present invention, and should not be construed as limiting the present invention to only the matters described in the drawings.
Fig. 1 is a schematic structural diagram of an anonymous-protocol-based user authentication system in a permissioned blockchain according to an embodiment of the present invention.
Fig. 2 is an example of a schematic structure of an anonymous credential system (Anonymous Credential System) according to an embodiment of the present invention.
Fig. 3 is an example of a schematic structure of an anonymous-protocol-based user authentication system in a permissioned blockchain according to an embodiment of the present invention.
Fig. 4 is an example of a scenario of anonymous-protocol-based user authentication in a permissioned blockchain according to an embodiment of the present invention.
Description of reference numerals:
100: a private blockchain server;
200: a user terminal;
300: consortium blockchain.
Detailed Description
The above objects, features, and advantages will become more apparent from the accompanying drawings and the following detailed description, so that those skilled in the art can easily implement the technical idea of the present invention. In explaining the present invention, detailed descriptions of related known art are omitted where they are judged likely to obscure the gist of the present invention unnecessarily. Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.
Throughout the specification, when a part is said to "include" a component, this means, unless otherwise specified, that other components are not excluded and may also be included. The term "…" or the like as used herein refers to a unit that processes at least one function or operation, and may be realized by hardware, software, or a combination of hardware and software.
Before describing embodiments of the present invention, the following definitions will be given to the symbols referred to in the following.
$P$: private blockchain (Private Blockchain) server;
$U$: user;
$list[i]$: pseudo ID list (Pseudo ID List);
$PK_P, SK_P$: public key and private key of the private blockchain (Private Blockchain) server;
$PK_{U_i}, SK_{U_i}$: public key and private key of the user;
$ID_{U_i}$: identifier of the user;
$A_U$: identity data of the user;
$A_N$: identity data number of the user;
$C_i$: encrypted data of the pseudo ID;
$K_i$: pseudo ID data key set (set);
$BF$: Bloom filter (Bloom filter) message hash value;
$h$: hash function;
$tx$: transaction;
$merkle_v$: Merkle root value (Merkle Tree Root Value).
Referring to Fig. 1, the anonymous-protocol-based user authentication system in a permissioned blockchain according to the present embodiment includes a private blockchain server 100, a user terminal 200, and a consortium blockchain 300. In describing the present embodiment, the components of the above system are assumed to be connected through a private blockchain network N.
The private blockchain server 100 manages users by issuing and managing their public key certificates, and issues a pseudo ID through an anonymous credential system (Anonymous Credential System, refer to Fig. 2) at the user's request.
The private blockchain server 100 can publish pseudo IDs, and ciphertexts of keywords containing the pseudo IDs, to the consortium blockchain 300 through a trapdoor and Oblivious Transfer Keyword Search (OTKS). The private blockchain server 100 provides the public key identity information together with the pseudo ID through OTKS, which minimizes exposure of the keyword information, and the output size of the ciphertext grows only by an amount corresponding to the keyword, so that the ciphertext can be issued more safely and efficiently. Thus, only a valid user can acquire a pseudo ID through the trapdoor, authentication of the user is guaranteed through the consortium blockchain 300 for content published by the private blockchain server 100, and anonymity is increased because the pseudo ID breaks the linkability of the user, so that privacy can be guaranteed.
The user terminal 200 generates a key pair of a public key and a private key, registers a path public key, the public key, and user information to obtain a public key certificate, performs user authentication using a message containing the public key and the private key and the public key certificate, and participates in the private blockchain by requesting the private blockchain server 100 to issue a pseudo ID.
The consortium blockchain 300 incorporates more than one private blockchain.
An example of the user authentication method of the anonymous-protocol-based user authentication system in a permissioned blockchain is described below (see Figs. 3 and 4).
First, in the initial setting and key generation step, the user terminal and the private blockchain server can generate public and private keys using public parameters. Thereafter, at an early stage, a registration procedure is performed in the private blockchain server, which can manage user information. The specific procedure of the initial setting and key generation step is as follows.
Step 1. The private blockchain server performs initial setting and generates a public key and a universal key through the process of setting the public key and the private key. In this case, the following mathematical formula 1 can be applied.
[Mathematical formula 1]
Figure BDA0002724177340000071
Figure BDA0002724177340000072
Select bilinear pairing (bilinear pairing) groups $G_1$ and $G_2$, a bilinear map $e$, and generators $P_1$ and $P_2$ from $G_1$.
$g = e(P_1, P_1)$, $h = e(P_1, P_2)$.
Step 2. The user terminal can generate a one-time public key, a private key, and a public key verification value based on Elliptic Curve Cryptography (ECC). In this case, the following mathematical formula 2 can be applied.
[Mathematical formula 2]
$PK_{U_i} = SK_{U_i} \cdot G$
Figure BDA0002724177340000081
Step 3. The user terminal requests issuance of a public key certificate with its own identifier and public key, $(ID_{U_i}, \sigma_{U_i}, t_0, PK_{U_i})$.
Step 4. The private blockchain server retains the user's identity information, signs the corresponding public key and public key certificate with the private blockchain server's private key, and issues them.
Then, the user terminal requests issuance of a pseudo ID (Pseudo ID) together with the public key certificate, and the private blockchain server generates a pseudo ID list (Pseudo ID List) to manage the identity information. The private blockchain server distributes the pseudo ID list through the consortium blockchain (Consortium Blockchain) by Oblivious Transfer Keyword Search (OTKS), and the user can obtain it securely while minimizing exposure of the keyword. The detailed process of this step is as follows.
Step 1. The user terminal requests a pseudo ID list (Pseudo ID List) from the private blockchain server while requesting a public key certificate.
Step 2. The private blockchain server verifies the certificate using the user's public key and the public key verification value.
Step 3. The private blockchain server generates the pseudo ID as a transaction of the consortium blockchain (Consortium Blockchain) through the user's trapdoor (Trapdoor) and Oblivious Transfer Keyword Search (OTKS) over the pseudo ID list. In this case, the following mathematical formulas 3 and 4 can be applied.
[Mathematical formula 3]
Figure BDA0002724177340000082
Pseudo ID list $L[i] = L_1, \dots, L_p$; keyword set $K_i = k_1, \dots, k_n$, $1 \le i \le n$
[Mathematical formula 4]
$PK, A_U, ID_U \rightarrow E(SK_P, PK, A_U)$
$s \in Z_P$ (random value generation)
$C_i = E(s, M_1, k_1), \dots, E(s, M_n, k_n)$
Step 4. The user terminal obtains the pseudo ID through the trapdoor (Trapdoor) and the commit (Commit) of the oblivious transfer (OT).
Then, in the step of issuing and using the pseudo ID, the private blockchain server generates, from the Public Key Infrastructure (PKI) of the user terminal, the managed identity information and the pseudo ID corresponding to it, and issues them through Oblivious Transfer Keyword Search (OTKS) and the consortium blockchain (Consortium Blockchain). The detailed process of this step is as follows.
Step 1. The user terminal turns the pseudo ID and private key obtained through Oblivious Transfer Keyword Search (OTKS), the hash value of the message, and the message into a transaction and issues it to the private blockchain server. In this case, the following mathematical formula 5 is applied.
[Mathematical formula 5]
Figure BDA0002724177340000091
Step 2. The private blockchain server verifies the message and signs the information acquired from a plurality of users with the private blockchain server's private key.
The private blockchain server then integrates the issued information and publishes it to the transmission part of the consortium blockchain. At this time, the following mathematical formulas 6 to 8 may be applied.
Step 1. The requester requests the identity information of the user from the private blockchain server.
[Mathematical formula 6]
$A_U^{*}$ satisfies PKI? $\rightarrow AK$
$AK = e(g^{z}, C_2) / e(C_1, (\prod_{j \in S} g_i)^{s}) = e(g, g)^{zs}$
Step 2. The private blockchain server publishes the identity information through the Public Key Infrastructure (PKI) and the user identity information list of pseudo IDs.
[Mathematical formula 7]
PKuv(AK)
Step 3. The requester can request linkability, i.e., whether the information was obtained from the same user. A Bloom filter (Bloom Filter) is used to output a set of consortium blockchain (Consortium Blockchain) messages that includes false positives. Here, the Bloom filter may be a probabilistic data structure for identifying membership in a set.
Step 4. A participating node of the private blockchain network calculates and transmits the requester's Bloom filter set, including false positives, and the hash path (Hash Path) of the private blockchain server.
[Mathematical formula 8]
$BF = (h_1, tx_1), \dots, (h_n, tx_n) \stackrel{?}{=} merkle_v$
$merkle_v = H_T(MBF_{2i-1}) \,\|\, (MBF_{2i})$
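The following Python sketch is an added illustration, not code from the patent. It shows one reading of steps 3 and 4 and mathematical formula 8: the requester sends a Bloom filter, a node returns every matching ledger transaction (false positives included) with its Merkle hash path, and the requester checks each path against a root it already trusts. The transaction encoding, SHA-256, the filter size, and all function names are assumptions.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class BloomFilter:
    """Probabilistic set: never a false negative, sometimes a false positive."""

    def __init__(self, m_bits: int = 64, k: int = 3):
        self.m, self.k, self.bits = m_bits, k, 0

    def _positions(self, item: bytes):
        # k bit positions, each from SHA-256 over a one-byte counter plus the item
        for i in range(self.k):
            yield int.from_bytes(h(bytes([i]) + item)[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits |= 1 << p

    def might_contain(self, item: bytes) -> bool:
        return all((self.bits >> p) & 1 for p in self._positions(item))


def merkle_levels(leaves):
    """Return all tree levels, leaves first. 0x00/0x01 prefixes separate leaf
    hashes from inner hashes; odd levels are padded by repeating the last node."""
    level = [h(b"\x00" + leaf) for leaf in leaves]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]


def hash_path(levels, index):
    """Sibling hashes from leaf to root, each with a flag: is our node the right child?"""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))
        index //= 2
    return path


def verify_path(tx: bytes, path, root: bytes) -> bool:
    node = h(b"\x00" + tx)
    for sibling, node_is_right in path:
        pair = sibling + node if node_is_right else node + sibling
        node = h(b"\x01" + pair)
    return node == root


# Constructed sample ledger: "pseudo ID | message hash" strings, not real data.
LEDGER = [b"PID-a91c|m01", b"PID-7f3a|m02", b"PID-c204|m03",
          b"PID-19be|m04", b"PID-7f3a|m05"]


def node_answer(bf: BloomFilter, ledger):
    """Node side: return every transaction the filter matches, with its hash path."""
    levels = merkle_levels(ledger)
    return [(tx, hash_path(levels, i))
            for i, tx in enumerate(ledger) if bf.might_contain(tx)]


def requester_check(wanted, trusted_root: bytes, matches):
    """Requester side: keep only transactions it asked about whose path verifies."""
    return {tx for tx, path in matches
            if tx in wanted and verify_path(tx, path, trusted_root)}


def demo():
    wanted = {LEDGER[1], LEDGER[4], b"PID-0000|not-on-ledger"}
    bf = BloomFilter()
    for tx in wanted:
        bf.add(tx)
    # Assumption: the root is read from a block the requester already trusts,
    # never taken from the node that answers the query.
    trusted_root = merkle_levels(LEDGER)[-1][0]
    matches = node_answer(bf, LEDGER)
    return requester_check(wanted, trusted_root, matches), len(matches)


if __name__ == "__main__":
    confirmed, returned = demo()
    print(f"node returned {returned} candidates, {len(confirmed)} confirmed")
```

A smaller `m_bits` raises the false-positive rate, which gives the query more cover at the cost of more returned candidates and hash paths to check.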
According to the present invention as described above, non-connectivity of users is provided through an anonymous credential system and pseudo IDs, so that privacy is guaranteed through anonymity. The user may secretly obtain the pseudo ID through Oblivious Transfer Keyword Search (OTKS). Disclosure of the user's identity information can be provided in response to a requester by using the Public Key Infrastructure (PKI) of the private blockchain, or connectivity can be provided by a plurality of nodes of the private blockchain that simply provide information about the same user, so that privacy is ensured when the user authenticates.
That is, the present invention as described above can satisfy security requirements against attacks such as collusion attacks, replay attacks, man-in-the-middle attacks and Sybil attacks, and can improve the privacy of a user by removing the connectivity of the user through a pseudo ID while providing disclosure and connectivity according to circumstances. In addition, by using the pseudo ID of the anonymous credential system, user authentication is performed efficiently through authentication by the private blockchain server, without steps such as interactive zero-knowledge proofs or repeated authentication.
The method according to the embodiment of the present invention may be implemented as an application program or in the form of program instructions executable by various computer components, and recorded on a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc., alone or in combination. The program instructions recorded on the computer-readable recording medium may be specially designed and constructed for the present invention, or may be publicly known to practitioners of computer software. Examples of the computer-readable recording medium include magnetic media such as hard disks, floppy disks and magnetic tape; optical recording media such as CD-ROM and DVD; magneto-optical media such as optical disks; and specially constructed hardware devices such as ROM, RAM and flash memory that can store and execute program instructions. Examples of program instructions include not only machine language code, such as that produced by a compiler, but also high-level language code that may be executed by the computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to implement the processes of the present invention, and vice versa.
Although this specification contains many specificities, these should not be construed as limiting the scope of the invention or of the claims. In addition, features which are described in the context of separate embodiments in this specification can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment of the specification can be implemented in multiple embodiments separately or in any suitable combination.
The operations in the figures are illustrated in a particular order, but it is not to be understood that the operations are performed in the particular order illustrated, or in a sequential order, or that all illustrated operations are performed, to achieve desirable results. Multitasking and parallel processing may be advantageous in certain circumstances. Meanwhile, the distinction between the various system constituent elements in the above-described embodiments is not to be understood as requiring such distinction in all embodiments. The application components and systems described above are typically implemented as packages on a single application software product or multiple software products.
The present invention described above is not limited to the above-described embodiments and drawings, and those skilled in the art can make various substitutions, modifications, and changes without departing from the technical spirit of the present invention.

Claims (8)

1. A user authentication system based on an anonymous protocol, comprising:
a private blockchain server that manages users by issuing and managing user public key certificates, and issues a pseudo ID through an anonymous credential system at the request of a user;
a user terminal that generates a key pair of a public key and a private key, registers a path public key, the public key and user information to obtain a public key certificate, performs user authentication by using a message containing the public key and the private key and the public key certificate, and participates in a private blockchain which requests the private blockchain server to issue a pseudo ID; and
a federation blockchain incorporating more than one private blockchain.
2. The anonymous-protocol-based user authentication system as defined in claim 1, wherein
the private blockchain server searches for the pseudo ID through a trapdoor and an oblivious transfer keyword, and issues the pseudo ID and a ciphertext containing the pseudo ID and the key to the federation blockchain.
3. A user authentication method based on an anonymous protocol, comprising:
an initial setting and key generation step in which the user terminal and the private blockchain server generate a public key and a private key using public parameters;
a step in which the user terminal requests issuance of a public key certificate together with a pseudo ID, and the private blockchain server generates a pseudo ID list and manages it together with user information;
a step in which the private blockchain server acquires the managed user information and the pseudo ID corresponding to the user information from a public key infrastructure of the user, and issues the pseudo ID to the federation blockchain through oblivious transfer keyword search; and
a step in which the private blockchain server integrates the issued information and issues it to a transfer section of the federation blockchain.
4. The anonymous-protocol-based user authentication method as set forth in claim 3, wherein the initial setting and key generation step, in which the user terminal and the private blockchain server generate the public key and the private key using the public parameters, includes:
a step in which the private blockchain server performs initial setting and generates a public key and a universal key through the process of setting the public key and the private key;
a step in which the user terminal generates a public key and a private key based on elliptic curve cryptography;
a step in which the user terminal requests issuance of a public key certificate using its own identifier and public key; and
a step in which the private blockchain server stores the identity information of the user, signs the public key and the public key certificate corresponding to the identity information with the private key of the private blockchain server, and then issues them.
5. The anonymous-protocol-based user authentication method as set forth in claim 3, wherein the step in which the user terminal requests issuance of a public key certificate together with the pseudo ID, and the private blockchain server generates the pseudo ID list and manages it together with the user information, comprises:
a step in which the user terminal requests a pseudo ID list from the private blockchain server while requesting a public key certificate;
a step in which the private blockchain server verifies the certificate through the public key of the user and the public key verification value;
a step in which the private blockchain server searches the pseudo ID list through a trapdoor and the oblivious transfer keyword of the user, and generates the pseudo ID as a transaction of the federation blockchain; and
a step in which the user terminal acquires the pseudo ID through the trapdoor and the presentation of the oblivious transfer.
6. The anonymous-protocol-based user authentication method as set forth in claim 3, wherein the step in which the private blockchain server acquires the managed user information and the pseudo ID corresponding to the user information from a public key infrastructure of the user, and issues the pseudo ID to the federation blockchain through oblivious transfer keyword search, comprises:
a step in which the user terminal makes a transaction of the pseudo ID and the private key acquired through oblivious transfer keyword search and the hash value of the message, and issues the message to the private blockchain server; and
a step in which the private blockchain server verifies the information and signs the information acquired from the plurality of users by using the private key of the private blockchain server.
7. The anonymous-protocol-based user authentication method of claim 3, wherein the step in which the private blockchain server integrates the issued information and issues it to a transfer section of the federation blockchain comprises:
a step of requesting identity information of a user from the private blockchain server;
a step of disclosing user information by the private blockchain server through a public key infrastructure and a user information list of pseudo IDs;
a step of requesting connectivity as to whether or not acquired from the same user; and
a step of calculating and transmitting the hash path of the private blockchain server.
8. A computer-readable recording medium having recorded thereon a computer program for executing the anonymous protocol-based user authentication method according to any one of claims 3 to 7.
CN202011097329.6A 2019-11-07 2020-10-14 User authentication system and method based on anonymous protocol, and recording medium Active CN112787818B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020190141532A KR102330012B1 (en) 2019-11-07 2019-11-07 Authentication System and Method based on anonymous protocol in Permissioned Blockchain, Recording Medium for Performing the Method
KR10-2019-0141532 2019-11-07

Publications (2)

Publication Number Publication Date
CN112787818A true CN112787818A (en) 2021-05-11
CN112787818B CN112787818B (en) 2023-09-26

Family

ID=75750525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011097329.6A Active CN112787818B (en) 2019-11-07 2020-10-14 User authentication system and method based on anonymous protocol, and recording medium

Country Status (2)

Country Link
KR (1) KR102330012B1 (en)
CN (1) CN112787818B (en)

Also Published As

Publication number Publication date
KR20210055272A (en) 2021-05-17
KR102330012B1 (en) 2021-11-23
CN112787818B (en) 2023-09-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant