CN114065253A - Method for anonymous sharing and verification of certificate and result

Publication number: CN114065253A
Authority: CN (China)
Prior art keywords: user, key, information, key pair, signature
Legal status: Granted
Application number: CN202111382312.XA
Other languages: Chinese (zh)
Other versions: CN114065253B (en)
Inventors: 于中阳, 梅雪
Current Assignee: Shanghai Jimu Galaxy Digital Technology Co ltd
Original Assignee: Shanghai Wangchain Information Technology Co ltd
Application filed by: Shanghai Wangchain Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/20 Education

Abstract

The embodiment of the invention discloses a method for anonymously sharing and verifying certificates and achievements, which comprises the following steps: obtaining a user registration request and, when the registration request is received, obtaining a unique seed and storing it in the user's wallet; deriving two key pairs from the unique seed, namely a user signature key pair and a user encryption key pair; generating a symmetric key by using the user signature key pair, the user encryption key pair and the signature key of the organization; encrypting the electronic certificate of the user with the symmetric key to generate first verifiable information and second verifiable information; and signing the first verifiable information and the second verifiable information with the private key of the organization's signature key pair and the signature private key of the user's signature key pair, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.

Description

Method for anonymous sharing and verification of certificate and result
Technical Field
The embodiment of the invention relates to the field of anonymous sharing and verification of certificates and achievements, in particular to a method for anonymous sharing and verification of certificates and achievements.
Background
Except for universities and educational institutions certified by the Ministry of Education, students or users of lifelong-education products may be reluctant to give their identity-sensitive information (particularly identification numbers) to third-party educational institutions, yet personal identity information is essential for proving to whom a certificate belongs. There is therefore a need to issue a course-completion certificate without disclosing the user's identity, while other people, organizations and businesses can still verify the authenticity and integrity of the certificate through the user. In addition, study records, resume information and subsequent lifelong-education records are themselves privacy-sensitive, so the system also needs an anonymity protection function: a third-party observer must not be able to use data analysis on the on-chain evidence to identify and track the life trajectory of a specific person. Provided the source information is authentic and complete, the user can choose whether or not to disclose particular academic, learning or resume information to a third party (such as a school or a company).
At present, there are few patent applications on on-chain storage and anti-counterfeiting of academic records. Some schemes implement a personal academic-record management method and system based on blockchain smart contracts: the smart contract receives and checks whether the record owner (the student user) agrees to disclose their academic information to a third-party organization, and returns the query result to that organization. The student user's academic information is bound to personal identity information, and the organization proves its identity through its organization name, unique organization identifier and so on. Academic records are stored on chain for third-party institutions to view and verify; the whole process is transparent, traceable and tamper-proof, and the smart contract limits institution users to viewing only, with no editing or copying. The first disadvantage is that these schemes are at a relatively elementary stage of "blockchain + X" applications: the public key is used as the storage address, the private key is used as the signing tool, and query requests are managed and authorized by the smart contract.
Although this uplink mode achieves anonymous data uplink to some extent, the uplink address is the user's public key. The address is therefore unique and can be regarded as the user's unique ID on the blockchain system. A third-party observer (for example, other chain members not participating in the transaction) can easily determine basic information about the address owner by big-data analysis such as cluster analysis. If many chains carrying everyday and user data appear in the future and are interconnected, the address owner can be profiled in detail and, in extreme cases, identified. Academia and industry broadly agree that recording transaction information under a unique address, as public-chain projects such as Bitcoin do, is only pseudo-anonymous. Secondly, the academic qualifications these schemes address are mainly those of higher education: student users enter university through the college entrance examination and obtain undergraduate, postgraduate and doctoral qualifications after graduation. Such qualifications can already be queried and authenticated through the learning communication network, and several verification methods exist; although counterfeiting remains possible, the narrow application scenario may prevent the technology from being applied in practice.
Disclosure of Invention
Therefore, the embodiment of the invention provides a method for anonymously sharing and verifying certificates and results, so as to solve the problems in the prior art that the authenticity of a user's certificate cannot be determined and that the user does not want to disclose certificate information.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
According to a first aspect of the embodiments of the present invention, a method for anonymously sharing certificates and results comprises the following steps:
acquiring a user registration request, and acquiring a unique seed and storing the unique seed in a wallet of the user when the user registration request is received;
deriving two key pairs by using the unique seed, wherein the two key pairs are a user signature key pair and a user encryption key pair respectively;
generating a symmetric key using the user signing key pair, the user encryption key pair, and a signing key of an organization;
encrypting the electronic certificate of the user by using the symmetric key to generate first verifiable information and second verifiable information;
and signing the first verifiable information and the second verifiable information by using a private key in a signature key pair of the organization and a signature private key in a signature key pair of the user, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.
Further, before the symmetric key is generated by using the signature key pair of the user, the encryption key pair of the user and the signature key pair of the organization, authorization must be obtained, which specifically includes:
acquiring an application request of an organization, and sending an authorization request to the user after receiving the application request of the organization;
obtaining the authorization confirmation information after the user confirms authorization;
and after receiving the authorization confirmation information, sending the public key of the user signature key pair and the public key of the user encryption key pair to the client of the organization.
Further, the generating a symmetric key by using the signature key pair of the user, the user encryption key pair and the signature key of the organization specifically includes:
generating C_enc from the private key of the organization's signature key pair and the public key of the user encryption key pair by an elliptic curve algorithm;
generating a symmetric key from C_enc through a key derivation function;
encrypting the electronic certificate and the random number by using the symmetric key to obtain encrypted first verifiable information;
and calculating the hash value of the public key in the user signature key pair and the electronic certificate to obtain the second verifiable information.
Further, the signing the first verifiable information and the second verifiable information with a private key of a signing key pair of the organization and a private signing key of a signing key pair of the user, and uploading the electronic certificate of the user, the signed first verifiable information, and the signed second verifiable information specifically includes:
generating a random seed and computing a first hash value of the random seed, the first verifiable information and the public key of the organization's signature key pair;
calculating a hash value of the private key in the user signature key pair and the first hash value to obtain a second hash value, and attaching the second hash value to the electronic certificate information column of the transaction;
packaging the electronic certificate information column, the public key of the organization's signature key pair and the information that needs to be put on chain into the information to be signed;
signing the information to be signed by using a private key in the user signature key pair, and attaching the signed information to the transaction;
and generating uplink transaction information according to the signed information, calculating a third hash value of the uplink transaction information, and using the third hash value as the uplink address.
According to a second aspect of the embodiments of the present invention, a method for verifying an electronic certificate, based on the method for anonymously sharing certificates and results, returns verification information to the organization when the electronic certificate and the second verifiable information sent by the user are acquired.
Further, when the electronic certificate and the second verifiable information sent by the user are obtained, returning verification information to the organization specifically includes:
obtaining a certificate of authenticity request of the organization;
acquiring the private key in the user encryption key pair and the public key in the signature key pair of the organization, and generating C_enc by an elliptic curve algorithm;
generating a symmetric key from C_enc through a key derivation function;
decrypting the encrypted electronic certificate by using the symmetric key and the first verifiable information to obtain decrypted electronic certificate information;
and calculating the hash value of the public key in the user signature key pair and the electronic certificate, comparing this hash value with the second verifiable information, and sending a certificate document or certificate information to the organization when the hash value is equal to the second verifiable information.
According to a third aspect of the embodiments of the present invention, an apparatus for anonymously sharing certificates and results, includes:
the registration device: acquiring a user registration request, acquiring a unique seed and storing the unique seed in a wallet of the user when the user registration request is received, and deriving two key pairs by using the unique seed, wherein the two key pairs are a user signature key pair and a user encryption key pair respectively;
an electronic certificate generation device: generating a symmetric key by using the user signature key pair, the user encryption key pair and a signature key of an organization, and encrypting an electronic certificate of the user by using the symmetric key to generate first verifiable information and second verifiable information;
an electronic certificate issuing apparatus: and signing the first verifiable information and the second verifiable information by using a private key in a signature key pair of the organization and a signature private key in a signature key pair of the user, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.
According to a fourth aspect of the embodiments of the present invention, an electronic device of a method for anonymously sharing certificates and results includes:
a processor and a memory that communicate with each other through a bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform any one of the methods for anonymously sharing certificates and results.
According to a fifth aspect of the embodiments of the present invention, a computer-readable storage medium for the method for anonymously sharing certificates and results has stored thereon a computer program which, when executed by a processor, implements the steps of any one of the methods for anonymously sharing certificates and results.
The embodiment of the invention has the following advantages:
1. Using a random key pair instead of a key pair of the educational institution achieves the same effect as a certificate issuing and evidence storage process in which the educational institution participates.
2. By verifying the verifiable information, the third-party organization can confirm ownership of the address of the uplink transaction information HW3 (Transaction HW3) and map the uplink transaction information HW3 to the work HW3 stored on the chain, so that the work HW3 put on chain in plaintext can be desensitized and contain no identity information of the author. The work can be shared on chain in plaintext, and its attribution can be proved without disclosing the personal identity information of the student user, so that the author's personal information is protected to the greatest extent.
3. Because content-addressed evidence storage is used, the system can identify cases where the work of others is passed off as one's own and put on chain, particularly by simple copying and pasting; as the stored content grows, the system can reject evidence storage for works that are obviously plagiarized or reposted by identifying the attribution of the content.
4. Student users can associate multiple versions of a work for uplink storage by submitting the object, without submitting new uplink transaction information many times. This allows works of the same course to be associated, saves storage space and improves the carrying capacity of the platform.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, proportions and sizes shown in this specification only accompany the disclosed content so that those skilled in the art can understand and read it; they do not limit the conditions under which the present invention can be implemented and therefore carry no substantive technical significance. Any structural modification, change of proportion or adjustment of size that does not affect the effects and purposes achievable by the present invention still falls within the scope covered by the disclosed technical content.
Fig. 1 is a flowchart of the certificate issuing method of a method for anonymously sharing and verifying certificates and results according to embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of key derivation in a method for anonymously sharing and verifying certificates and results according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of generating the encryption and verification information associated with an electronic certificate in a method for anonymously sharing and verifying certificates and results according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of generating uplink transaction information in a method for anonymously sharing and verifying certificates and results according to an embodiment of the present invention;
Fig. 5 is a flowchart of verifying an electronic certificate in a method for anonymously sharing and verifying certificates and results according to an embodiment of the present invention.
Detailed Description
The present invention is described below in terms of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure. The described embodiments are merely exemplary of the invention and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort shall fall within the protection scope of the present invention.
Embodiment: a method for sharing certificates and achievements anonymously, as shown in Figs. 1-5, comprising the following steps:
acquiring a user registration request, and acquiring and storing a unique seed in a wallet of a user when the user registration request is received;
deriving two key pairs by using the unique seed, wherein the two key pairs are a user signature key pair and a user encryption key pair respectively;
generating a symmetric key by using the user signing key pair, the user encryption key pair and the signing key of the organization;
encrypting the electronic certificate of the user by using a symmetric key to generate first verifiable information and second verifiable information;
and signing the first verifiable information and the second verifiable information by using a private key in a signature key pair of an organization and a signature private key in a signature key pair of a user, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.
Specifically, user registration: student users register to join the alliance chain through the member management system, obtain a unique seed (signature private key: SK_sign), and store the unique seed in the user wallet. Two key pairs, namely a signature key pair {SK_sign, PK_sign} and an encryption key pair {SK_enc, PK_enc}, are derived from the wallet and the seed; the derivation process is shown in Fig. 2. The keys are derived with a cryptographic algorithm, such as SHA256, the RSA algorithm or an elliptic curve encryption algorithm; this embodiment prefers an elliptic curve encryption algorithm based on the elliptic curve Curve25519.
Generating an electronic certificate: an organization user sends the student user an application for issuing an electronic certificate and storing it on chain. After the student user authorizes the application, a symmetric key K_enc is generated by using the two key pairs of the student user and the organization signature key pair {rsk, rpk}, and the student's learning record and certificate are encrypted, generating the anonymous and verifiable information Inf_enc and Inf_vf.
Issuing an electronic certificate: Inf_enc and Inf_vf are signed with the signature private key of the education institution and the signature private key of the student and, together with the desensitized certificate record, the uplink address is calculated through a hash function and the evidence is stored on chain.
More specifically, the student user registers: the student user registers to join the online education evidence-storage system through the member management system. After the member management system confirms the student's identity information, a seed, namely the signature private key SK_sign, is generated for the student user and stored in the user wallet. The signature private key is the user's only identification on the chain and must not be lost or disclosed. The wallet automatically derives a signature key pair {SK_sign, PK_sign} and an encryption key pair {SK_enc, PK_enc} for the student user. The signature public key PK_sign and the encryption public key PK_enc are public information.
The organization user obtains the organization signature key pair {rsk, rpk} after the identity of the entity has been verified through the member management system.
An organization user sends the student user an application for issuing an electronic certificate and storing it on chain. After the student user authorizes the application, a symmetric key K_enc is generated by using the two key pairs of the student user and the organization signature key pair {rsk, rpk}, and the student's learning record and certificate are encrypted, generating the anonymous and verifiable information Inf_enc and Inf_vf.
Generating encryption and verification information associated with the electronic certificate: Inf_enc and Inf_vf are signed with the signature private key of the education institution and the signature private key of the student and, together with the desensitized certificate record, the uplink address is calculated through a hash function and the evidence is stored on chain.
The student user sends the electronic certificate and the verification information Inf_vf to the third-party organization as required; the third-party organization submits a verification application to the system, and the system performs the verification and returns verification information to the third-party organization.
The education institution sends the student user an application for issuing an electronic certificate and storing it on chain. The student user receives the application through the wallet and agrees to it, and the client of the education institution receives the student user's public keys {PK_sign, PK_enc} shared by the system.
The signature private key esk of the education institution and the encryption public key PK_enc of the student user are combined by the elliptic curve algorithm to generate C_enc. A symmetric encryption key K_enc is generated from C_enc by means of a key derivation function KDF.
C_enc=Curve(esk,PK_enc)=esk*PK_enc=esk*SK_enc*G;
K_enc=KDF(C_enc);
The electronic certificate and the random number are encrypted with K_enc to obtain the encrypted information Inf_enc.
Inf_enc=K_enc(Digital Credential,Nonce);
The hash value of the student user's signature public key PK_sign and the electronic certificate is calculated to obtain Inf_vf.
Inf_vf=SHA256(Digital Credential,PK_sign);
Generating uplink transaction information:
(1) The student user signs the electronic certificate with the signature private key SK_sign, implemented as follows:
a. The system generates a random seed and calculates the hash value Hash_sign of the random seed, Inf_enc and the agency signature public key epk:
Hash_sign = Hash(random seed, Inf_enc, epk);
b. The system calculates the hash value of the student user's signature private key SK_sign and Hash_sign, and attaches the Hash_sign to the electronic certificate information column (Credential Information in the figure) of the transaction:
Student signature = SHA256(Hash_sign, SK_sign);
(2) The education institution signs the issued electronic certificate, implemented as follows:
a. The system packages the electronic certificate information column, the signature public key epk of the organization and other necessary uplink information into the information to be signed:
Information to be signed by the agency = (Credential Information, epk, other necessary uplink information);
b. The institution user signs the information to be signed with the signature private key esk, and the signature is attached to the transaction:
Agency signature = (information to be signed, esk);
(3) Generating the uplink transaction (Transaction) information:
Transaction = (Credential Information, epk, other necessary uplink information, agency signature);
(4) Calculating the hash value of the uplink transaction information and using the hash value as the uplink address:
content address=Hash(Transaction);
A method for verifying an electronic certificate, based on the method for anonymously sharing certificates and results, comprises the following step: when the electronic certificate and the second verifiable information sent by the user are acquired, returning verification information to the organization.
Specifically, verifying the electronic certificate: the student user sends the electronic certificate and the verification information Inf_vf to the third-party organization as required; the third-party organization submits a verification application to the system, and the system performs the verification and returns verification information to the third-party organization.
More specifically, verifying the electronic certificate:
(1) Receiving the certificate verification request of the organization user, and returning the request content (including organization name, purpose of the certificate and the like) to the corresponding student user.
(2) The student user authorizes the viewing request: the wallet generates C_enc from the student user's encryption private key SK_sign and the institution signature public key epk with an elliptic curve algorithm. A symmetric key K_enc is generated from C_enc through a key derivation function KDF:
C_enc=Curve(epk,SK_enc)=epk*SK_enc=esk*SK_enc*G
K_enc=KDF(C_enc)
(3) Decrypting Inf_enc with K_enc to obtain the decrypted electronic certificate information:
K_enc(Inf_enc)=(Digital Credential,Nonce)
(4) Calculating the hash value of the student user's signature public key PK_sign and the electronic certificate (Digital Credential), and comparing it with Inf_vf, implemented as follows:
SHA256(Digital Credential,PK_sign)==Inf_vf
(5) Sending certificate documents (PDF documents stored in the conventional form in the wallet, etc.) or certificate information to the educational institution, and returning the comparison result to the institution user.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (9)

1. A method for anonymously sharing certificates and achievements, characterized by comprising the following steps:
acquiring a user registration request, and acquiring a unique seed and storing the unique seed in a wallet of the user when the user registration request is received;
deriving two key pairs by using the unique seed, wherein the two key pairs are a user signature key pair and a user encryption key pair respectively;
generating a symmetric key using the user signing key pair, the user encryption key pair, and a signing key of an organization;
encrypting the electronic certificate of the user by using the symmetric key to generate first verifiable information and second verifiable information;
and signing the first verifiable information and the second verifiable information by using a private key in a signature key pair of the organization and a signature private key in a signature key pair of the user, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.
2. The method for anonymously sharing certificates and achievements according to claim 1, wherein: before generating the symmetric key by using the signature key pair of the user, the encryption key pair of the user and the signature key pair of the organization, authorization further needs to be acquired, where acquiring authorization specifically includes:
acquiring an application request of an organization, and sending an authorization request to the user after receiving the application request of the organization;
obtaining the authorization confirmation information after the user confirms authorization;
and after receiving the authorization confirmation information, sending the public key of the user signature key pair and the public key of the user encryption key pair to the client of the organization.
3. The method for anonymously sharing certificates and achievements according to claim 1, wherein: the generating a symmetric key by using the signature key pair of the user, the user encryption key pair and the signature key of the organization specifically comprises:
generating C_enc by a private key of a signature key pair of the organization, a public key of the user encryption key pair and an elliptic curve algorithm;
generating a symmetric key from C_enc through a key derivation function KDF;
encrypting the electronic certificate and the random number by using the symmetric key to obtain encrypted first verifiable information;
and calculating the hash value of the public key and the electronic certificate in the user signature key pair to obtain encrypted second verifiable information.
4. The method for anonymously sharing certificates and achievements according to claim 1, wherein: the signing the first verifiable information and the second verifiable information with a private key of a signing key pair of the organization and a signing private key of a signing key pair of the user, and performing chain storage on the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information specifically comprises:
generating a random seed and computing a first hash value of the random seed, the first verifiable information, and a public key of the organization's signature key pair;
calculating a hash value of a private key in the user signature key pair and the first hash value to obtain a second hash value, and attaching the second hash value to an electronic certificate information column of the transaction;
packaging the electronic certificate information column, the public key in the organization's signature key pair and the information that needs to be uplinked to construct the information to be signed;
signing the information to be signed by using a private key in the user signature key pair, and attaching the signed information to a transaction;
and generating uplink transaction information according to the signed information, calculating a third hash value of the uplink transaction information, and taking the third hash value as an address uplink.
5. A method for verifying an electronic certificate, based on the method for anonymously sharing a certificate and a result as claimed in claim 1, wherein: and when the electronic certificate and the second verifiable information sent by the user are acquired, returning verification information to the organization.
6. A method of electronic certificate authentication as claimed in claim 1, characterised by: when the electronic certificate and the second verifiable information sent by the user are obtained, verification information is returned to the institution, and the method specifically comprises the following steps:
obtaining a certificate of authenticity request of the organization;
acquiring a private key in the user encryption key pair and a public key in the signature key pair of the organization and generating C_enc by an elliptic curve algorithm;
generating a symmetric key from C_enc through a key derivation function KDF;
decrypting the encrypted electronic certificate by using the symmetric key and the first verifiable information to obtain decrypted electronic certificate information;
and calculating a public key in the user signature key pair and the hash value of the electronic certificate, comparing the public key with the second verifiable information, and sending a certificate document or certificate information to the organization when the public key in the user signature key pair and the hash value of the electronic certificate are equal to the second verifiable information.
7. An apparatus for anonymous sharing of certificates and results, comprising:
the registration device: acquiring a user registration request, acquiring a unique seed and storing the unique seed in a wallet of the user when the user registration request is received, and deriving two key pairs by using the unique seed, wherein the two key pairs are a user signature key pair and a user encryption key pair respectively;
an electronic certificate generation device: generating a symmetric key by using the user signature key pair, the user encryption key pair and a signature key of an organization, and encrypting an electronic certificate of the user by using the symmetric key to generate first verifiable information and second verifiable information;
an electronic certificate issuing apparatus: and signing the first verifiable information and the second verifiable information by using a private key in a signature key pair of the organization and a signature private key in a signature key pair of the user, and uploading the electronic certificate of the user, the signed first verifiable information and the signed second verifiable information.
8. An electronic device of a method for anonymous sharing of certificates and results, comprising:
the processor and the memory are communicated with each other through a bus; the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 4.
9. A computer-readable storage medium of a method for anonymous sharing of certificates and results, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the method according to one of claims 1 to 4.
CN202111382312.XA 2021-11-22 2021-11-22 Method for anonymous sharing and verification of certificate and result Active CN114065253B (en)

Publications (2)

Publication Number Publication Date
CN114065253A true CN114065253A (en) 2022-02-18
CN114065253B CN114065253B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231007

Address after: Room 330, 3rd Floor, Building 1, No. 100 Hulan West Road, Baoshan District, Shanghai, 2019

Patentee after: Shanghai Jimu Galaxy Digital Technology Co.,Ltd.

Address before: 7b1-1, No. 588, Ji'an Road, Baoshan District, Shanghai, 201900

Patentee before: Shanghai wangchain Information Technology Co.,Ltd.
